A quarter of government agencies reported an accidental cloud leak in 2020, with phishing topping the list of cloud-based cybersecurity incidents.
Next were accidental data leakage (24 percent) and targeted attacks on the infrastructure (22 percent), according to the global 2021 Netwrix Cloud Data Security Report.
Among them, data leakage was the hardest to detect, with 27 percent of organisations requiring days to flag it, while phishing and targeted attacks were detected in hours or less by almost 100 percent of organisations.
Resolving data leakage also took more time than other incidents, requiring days (32 percent), weeks (11 percent) or months (23 percent) to recover.
The biggest consequences of cloud breaches in the public sector included unplanned expenses to fix security gaps (28 percent), customer churn and/or loss of credibility (13 percent) and change in senior leadership (11 percent).
Most government agencies attribute cloud security challenges to lack of IT/security staff (named by 65 percent of respondents), employee negligence (59 percent) and lack of budget (53 percent).
Indeed, budget constraints remain a critical issue for the public sector from year to year, with only 24 percent of organisations receiving extra budget for cybersecurity in the previous year (while in 2019, 45 percent expected their budgets for 2020 to grow).
On average, the public sector can allocate only 14 percent of the cybersecurity budget to cloud security, which is the lowest result compared to other sectors.
Additional findings for the public sector include the following:
- Despite government initiatives and remote work to encourage cloud adoption, every second agency in the public sector doesn’t store any data in the cloud
- 29 percent store employee data and 25 percent store financial information in the cloud
- In response to the pandemic, 47 percent had to change their IT priorities but stick to their existing budget
- To withstand cloud security challenges, the top three security measures government agencies are taking are auditing of user activity (65 percent), data classification (56 percent) and privilege attestation (53 percent)
“Lack of resources and the complexity of multi-cloud environments make it difficult to build consistent security controls,” said Ilia Sotnikov, VP of product management at Netwrix.
“Experts recommend starting by classifying all data. That way, organisations can ensure they know where their sensitive data resides, apply appropriate controls in accordance with its sensitivity and establish an auditing process to detect threats promptly.”