Most public sector IT professionals believe a lack of expertise and resources are hindering cyber posture as well.
The growing assortment of cyber threats focused on the public sector and anxiety over resources has half of public sector IT decision-makers not “fully confident” their agencies and organizations could properly respond, according to a survey released last week by Texas-based Rackspace Technology.
The survey polled 1,420 government IT decision-makers regarding malware, phishing, supply chain, ransomware, cloud, internet of things and application-based attacks, and found fewer than half believe they could mitigate or understand those threats.
The survey comes as government agencies became by far the most targeted sector by hackers in the past year, with U.S. federal agencies facing nearly half of all cyberattacks.
“Though most respondents to our survey say they are ‘prepared’ for cyber-attacks, there is a high degree of anxiety about their ability to effectively confront adversaries who are increasingly sophisticated,” Jeff DeVerter, Chief Evangelist for Rackspace Technology, said in a statement. “Moreover, the expanding use of the cloud, IoT and applications, as well as a tight talent market and an increase in remote work—largely driven by the pandemic—have made the security environment much more challenging.”
Despite long-running government efforts to improve the cybersecurity talent gap, more than half of survey respondents (52%) expressed significant concerns over recruiting and retaining cybersecurity talent. In addition, more than 8 in 10 (84%) said they lack the expertise to meet current cybersecurity and compliance challenges. Time constraints (73%) and lack of training (59%) were also highly-cited challenges by respondents.
“Few organizations actually have the people, processes and technologies that match a modern cybersecurity model,” DeVerter said.
Respondents were most concerned about cyberattacks on their network operating systems (58%), networks and platforms (54%) and web apps (53%). They were least concerned about stolen credentials or unauthorized exposure to data (42%).
The survey also revealed that public sector IT professionals said their organizations usually have between one and five external partners who provide cybersecurity services, and most organizations manage their cybersecurity with an in-house staff.
The most effective tools for mitigating cyber challenges cited by respondents were security automation (58%), advanced endpoint security (56%), recognizing supply chain security risks (53%) and continuing response improvements (53%). Forty-nine percent of respondents said adopting a zero-trust security framework would address cybersecurity challenges.