New global data shows that those government employees that work solely in the office are the new minority, IT lacks visibility, and user actions put the government at risk.
I’ve already written this year about how government employees continue to be phishing targets. The challenge is that some governmental agencies are not up to date on the necessary technology, processes and methods of properly securing an environment from cyber attack. According to Ivanti’s Government Cybersecurity Status Report, it’s evident that the user’s working remotely has some impact on the government’s state of security.
- 70% of government employees work remotely to some degree
- Globally, 34% of government employees believe their actions don’t impact the organization’s state of cybersecurity
- 34% use the same or similar passwords across multiple devices
- 21% of employees say they don’t care if the organization gets hacked
- 72% have never contacted security to ask a question or voice a concern
With employees not thinking about the organization’s cybersecurity stance, it’s left to IT to figure out ways to monitor for attacks. But, according to Ivanti, 47% of security professionals say they don’t have enough visibility into every “user, device, application and service” on their network. This means, we need to address the real problem – users.
This lack of a cybersecurity culture can only be addressed by educating the user on how cyber attacks impact the organization and even the employee themselves, while also making it clear why it’s important to integrate a vigilant mindset when interacting with known attack vectors – specifically phishing. This is accomplished using continual Security Awareness Training in conjunction with phishing testing, and a program designed to build a culture of cybersecurity within the organization.