Netwrix has announced government industry findings from its global 2021 Netwrix Cloud Data Security Report which found that detecting and resolving data leakage is a top security challenge for public sector organizations.
The survey found that in 2020, the most common incidents that government agencies experienced in the cloud were phishing (reported by 39% of organizations), accidental data leakage (24%) and targeted attacks on the infrastructure (22%).
Data leakage was the hardest of the three to detect as 27% of organizations required days to flag it, while phishing and targeted attacks were spotted in hours or less by almost 100% of organizations. Resolving data leakage also took longer than other incidents, requiring days (32%), weeks (11%) or months (23%).
The top consequences of cloud breaches in the public sector were unplanned expenses to fix security gaps (28%), customer churn and/or loss of credibility (13%) and change in senior leadership (11%).
Most government agencies attribute their cloud security challenges to lack of IT/security staff (65%), employee negligence (59%) and lack of budget (53%). Indeed, only 24% of public organizations received extra budget for cybersecurity even though in our 2019 survey, 45% expected their budget to grow in 2020. On average, public sector organizations allocate only 14% of their cybersecurity budget to cloud security, which is the lowest result for any sector.
Other survey findings include:
- Despite government initiatives encouraging cloud adoption and the recent increase in remote work, half of public sector organizations do not store any data in the cloud.
- In response to the pandemic, 47% had to change their IT priorities but stick to their existing budget.
- The top security measures government agencies are taking in response to cloud security challenges are auditing of user activity (65%), data classification (56%) and privilege attestation (53%).
The 2021 Netwrix Cloud Data Security Report is based on feedback from 937 IT professionals worldwide who use private and public cloud services to store their data.