UK public sector: the biggest security threats uncovered

SolarWinds research has uncovered the leading security threats to the public sector – and the barriers that exist to managing the risks

Posted 27 September 2021 by Christine Horton

External breaches and the internal impact of COVID-19 IT policies have emerged as the leading security threats to the public sector.

A third (33 percent) of tech pros in the public sector say their organisations have had medium exposure to enterprise IT risk over the past 12 months, according to the SolarWinds IT Trends Report 2021: Building a Secure Future.

Twenty-three percent cited external security threats like cyberattacks as the top macro trend influencing their organisations’ risk exposure.

However, tech pros also flagged risk factors such as the distributed workforce or employee relocation (18 percent), remote work policies (18 percent) and the exponential growth of data as a result of new WFH needs (15 percent).

Likewise, 15 percent said the accelerated shift to remote working was one of the top aspects of current IT environments considered to increase an organisation’s risk exposure, as well as incomplete or inadequate security policies (13 percent).

Managing and mitigating risk

Forty percent of respondents said security and compliance ranked in the top three technologies most critical to managing and mitigating risk within their organisations, followed by artificial intelligence (AI)/machine learning (35 percent) and network infrastructure, automation, DBaaS solutions, and ITSM and/or ITAM solutions (25 percent, respectively).

Seventy-six percent “agree” or “strongly agree” their IT organisations are prepared to manage, mitigate, and resolve risk factor-related issues due to the policies and/or procedures they already have in place.

This finding is echoed by organisations’ careful approach to technology adoption and implementations in response to shifting demands of COVID-19 distributed work environments. Despite the accelerated timeline, 55 percent of respondents said standard or heightened risk management protocols were followed.

But while IT teams prioritise investments in AI/machine learning and automation as core technologies to help manage risk, implementation is hampered by dwindling resources and access to sufficient IT management solutions.

Six in 10 (63 percent) of tech pros surveyed “agreed” or “strongly agreed” technology is the best way for organisations to manage, mitigate, and resolve issues related to risk. 

Risk management being hampered

Despite understanding technology can play a critical role in enterprise IT risk management, barriers to its adoption and implementation exist. The top three challenges when to utilising technology to mitigate and/or manage risk within organisations reported by surveyed tech pros are: currently offered IT management solutions lack features/functionality to meet tech pro needs (48 percent); a lack of IT management solutions/tools available within organisation (40 percent) and poor management or lack of direction (40 percent).

Implementation is further hampered by 40 percent of surveyed IT pros admitting that while some of their monitoring and management tools are integrated to enhance visibility across their IT environment(s)—whether on-premises, cloud-based, or hybrid—other tools are still siloed.

Tech pros are overcoming these barriers by improving alignment between IT business goals and company leadership (35 percent) and developing policies and processes (28 percent).

They are also capitalising on an opportunity to foster greater alignment and collaboration with senior leaders who will best position their organisations to manage and mitigate risks in the future. 

Forty-eight percent of respondents are confident or extremely confident their IT organisations will continue to invest in risk management and mitigation technologies over the next three years. Another 48 percent perceive their organisation’s senior leaders or decision-makers to have a heightened awareness of risk exposure, believing it’s not “if” but “when” they will be impacted by a risk factor. But while 15 percent believe their organisation is prepared to mitigate and manage risk, 33 percent said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk.

This reinforces how more than a third (35 percent) of tech pros state their IT organisations are improving alignment between IT business goals and corporate leadership in response to other tech adoption barriers like a lack of training for IT personnel, and a lack of budget/resources.