Public sector failing to see security threats

New research shows that zero trust is viewed as of less importance compared to the private sector, and fewer public sector organisations see print security as a risk

Posted 12 May 2022 by Christine Horton

Zero trust security strategies are rapidly gaining momentum among medium- and large-sized businesses amid the growing frequency of security incidents. However, new research shows that the public sector rates most threats lower than its private sector counterparts.

Analyst Quocirca’s Zero Trust Trends 2022 survey shows the importance of zero trust is rated slightly lower and fewer see print security as a risk – which could be viewed as concerning given the high reliance of many public sector organisations on print and paper.

Public sector respondents rate most threats much lower than private sector counterparts. Overall, 40 percent of organisations say security incidents will rise significantly, and 50 percent say will rise slightly. In the public sector, 35 percent say security incidents will rise significantly and 60 percent slightly. This compares to 54 percent in the finance sector that expect security incidents to rise significantly.

Just 25 percent believe external attacks are a significant threat compared to 39 percent in the finance sector, and just 18 percent believe attacks such as phishing or DDoS are a significant threat compared to 39 percent in the finance sector. This, said Quocirca, could indicate complacency or lack of awareness.

Zero trust less important in private sector

In total, 43 percent of ITDMs say zero trust is of critical importance. This drops to 40 percent in the public sector and rises to 59 percent in business and professional sector.

And only 85 percent in the public sector say it is critically or very important, which compares to 91 percent overall.

Overall, 42 percent of respondents have implemented zero trust, dropping to just 28 percent of public sector respondents. However plans are underway (40 percent). The top barrier to zero trust adoption in the public sector is cost – cited by 40 percent of respondents. This compares to 31 percent overall.

Print security gaps in the public sector

Overall, 49 percent of respondents say the print infrastructure is a significant (16 percent) or moderate security risk (33 percent). This compares to just 33 percent in the public sector (eight percent and 25 percent). Given the reliance on paper documents and printing in this sector, this is concerning.

Print and zero trust – while 50 percent overall include print as part of their zero trust security strategy, this drops to 37 percent in the public sector.

Quocirca’s research director, Louella Fernandes, comments: “Zero trust momentum may be growing, but businesses have a blind spot around print devices in security infrastructure. As sophisticated endpoints on the network that process sensitive data of all kinds, they should be treated in a similar way to all endpoints, with robust access control, management, and intrusion detection to ensure they are not compromised.

“For those in the print value chain, educating users on how the information-sensitive print environment can be a severe security issue if left unprotected should open a market for the inclusion of print protection services within an overall zero trust model. For MSPs, it makes sense to find partners in the print value chain with skills and solutions that can be leveraged to quickly and effectively provide print-inclusive zero trust services.”

Overall, 55 percent say they manage print security internally, rising to 65 percent in the public sector

And while 56 percent overall would be open to a single MSP for print and IT security, this drops to 35 percent in the public sector.