Findings from the 2018 Federal Edition of the Data Threat Report
So far in 2018, we’ve already seen a handful of government agency mishaps when it comes to security. Remember earlier this year when news broke that Hawaii's Emergency Management Agency was keeping their passwords on a Post-it note, right after a false missile alert was blasted to residents across the state?
We’ve also seen instances of U.S. citizens’ personal data being made available to the public, which has heightened awareness with government officials. For example, just last month Strava, a popular fitness navigation app, accidentally revealed the location of military bases in war zones worldwide potentially putting troops and U.S. national security at risk.
Today, we released the results of the Federal Edition of our 2018 Data Threat Report, which reinforces the need for federal agencies to update IT legacy systems and increase security for storing sensitive data. The report also reveals that the U.S. government continues to struggle with the same cybersecurity challenges that other industries face, but against a different set of obstacles (i.e. nation state hackers, compliance mandates and terribly outdated software).
The numbers don’t lie
Within the past year, 57% of federal respondents experienced a data breach. This marks a huge jump from the 2017 report (34% of breached) and the 2016 report (18%). To put it into perspective, only 26% of non-U.S. government agencies worldwide experienced a breach this past year. The numbers reveal that the trend from previous years continues, but even with a higher sense of urgency since digital transformation is becoming a significant driver for data threats at federal agencies.
The adoption of cloud and SaaS applications, big data implementations, IoT, containers, mobile payments and blockchain technologies already raise security risks since they require new approaches to protecting the data within each environment. Additionally, 81% of respondents reported that they will be storing sensitive data within these environments, making them a prime target for cybercriminals and emphasizing the need for strong security.
Put your money where the data is
The good news is that IT security spending is up. According to the report, 93% of federal IT leaders say their agency’s spending will increase this year compared to last year’s participants (73%). The bad news, which unfortunately trumps the good, is that organizations are spending their money on the wrong solutions.
Most respondents this year (56%) plan to increase spending on endpoint and mobile devices, despite the fact that endpoint and mobile devices rank as least effective at protecting sensitive federal data. Only 19% report to increase spending on data-at-rest solutions, which is ranked the most effective at preventing data breaches.
In order for federal agencies to learn where they should spend their budget, they need to start asking the right questions. For example, will this solution meet compliance and best practice requirements for protecting data from external threats or malicious insiders? Will this solution provide centralized key management to streamline operations? Will this solution allow us to confidently move sensitive data to a new hosted environment?
Breaking barriers with encryption
Unfortunately, as demonstrated above, federal IT teams are continuing to gravitate toward what they already know (protect your endpoints!) and think data security is overly complex and will introduce performance challenges. The respondents also revealed that lack of budget (53%) is the top barrier to implementing data security.
However, this way of thinking is 10+ years old and modern methods of protecting data through encryption have lower costs, very low performance overhead and little configuration/management headaches. Essentially, legacy thinking is extremely prohibitive in creating a valid security posture.
Fortunately, for the first time, we found that respondents recognize that the defenses designed specifically for protecting data are the most effective tools for doing so. Data-in-motion and data-at-rest defenses were close to a tie at 78% and 77% respectively as the most effective tools for protecting data. If we take a closer look, 84% are implementing or planning to implement encryption in the cloud within the next year – a massive jump from last year’s report (23%).
The results of this report create a clear trickle-down effect: data breaches are increasing so federal agencies are increasing spending; and agencies aren’t spending their money on the right security solutions because they are apprehensive about changing legacy solutions. Until there is a seismic shift in thinking and action to implement change, breach statistics will continue to rise.
Thales Federal promotes a data-centric approach to security and offers a comprehensive suite of solutions that provide protection for data-in-motion and data-at-rest. To learn more about Thales’ data encryption solutions, click here.