Roughly one-third of government employees believe “their actions don’t matter when it comes to security,” according to a new survey.
With governments around the world increasingly turning to a hybrid work environment, personnel are simultaneously becoming less prepared to deal with new cyber risks and vulnerabilities that threaten the virtual office, according to the findings of a government cybersecurity survey released by IT company Ivanti on Thursday.
According to the report—which surveyed over 800 government employees in the U.S., Australia, France, Germany, Netherlands and United Kingdom —70% of respondents said that they worked virtually “at least some of the time,” with 8% of U.S. workers surveyed reporting that they were fully virtual and another 19% reporting that they were mostly virtual.
Given the increase in virtual and hybrid work, government employees’ increasing reliance on out-of-office technologies presents new challenges when it comes to cyber resilience.
“The proliferation of devices, users and locations adds complexity and new vulnerabilities for government security teams to tackle—while also combatting increasingly sophisticated threat actors,” the report said.
The report warned that employee disengagement and a lack of personal accountability when it comes to securing devices “compromises government cybersecurity,” with 34% of government workers surveyed believing that “their actions don’t matter when it comes to security.”
U.S. government workers were less likely than their counterparts in other countries to hold these views, according to the survey, with just 19% of U.S. respondents saying that their actions did not impact their organization’s ability to stay safe from cyberattacks. Comparatively, 53% of government employees surveyed in Germany held similar views, as well as 44% of government workers in France.
Poor cyber hygiene practices were also identified in the report, particularly when it came to government workers being required to update their passwords on a consistent basis. 40% of global respondents said they used the same work password for over a year; in the U.S., 32% of surveyed employees said they used the same work login information for more than 365 days. The use of the same or similar passwords across both personal and work devices was also identified as a risk, with 34% of global respondents saying they used the same or variations of similar passwords across multiple systems.
The survey also found a lack of disclosure regarding cyber threats, with 30% of total respondents reporting that they were the target of phishing, but that 36% “did not report a phishing email they received at work.” Approximately 5% of total respondents reported that they were the victim of a phishing attempt.
And despite the belief that younger employees are more tech savvy than their older counterparts, the report found that Gen Z and Millennial government workers “are more than twice as likely to reuse passwords between home and use the same password across multiple devices and logins.”
Srinivas Mukkamala, Ivanti’s chief product officer, warned that “we are in a state of urgency when it comes to securing critical infrastructure, along with public sector employees and the extremely sensitive data they have access to.”
“Government leaders around the world have recognized this urgency and are taking steps to combat ransomware, misinformation and to protect their critical assets and infrastructure,” he added. “If we don't focus on cybersecurity as a team effort and provide proactive security measures that enable a better employee experience, security teams and governments will continue to face an uphill battle.”