34% of US Federal Government Agencies Experienced Data Breach in the Last Year

Thales recently announced the results of its 2017 Thales Data Threat Report, Federal Edition, issued in conjunction with analyst firm 451 Research. When it comes to data breaches, 34% of federal respondents experienced a data breach in the last year and 65% experienced a data breach in the past. Almost all (96%) consider themselves “vulnerable,” with half (48%) stating they are “very” or “extremely” vulnerable. This number is higher than any other US vertical polled for the 2017 report.

IT security staffing and spending playing a role
Sixty-one% of US federal respondents are increasing security spending this year – up from last year’s 58% figure. But when compared to other industries this number is markedly lower (81% of healthcare respondents, 77% of retail respondents and 78% of financial services respondents claim to have increased spending). The federal spending figure may explain why 53% of federal respondents cite lack of budget and lack of staff (also 53%) as the top reasons for data insecurity.

Garrett Bekker, principal analyst for Information Security at 451 Research says: “The US federal government is racing to boost data security against odds not generally faced in the private sector today. A major challenge in securing the far-flung systems in the US federal government is the plethora of aging legacy systems still in place, with one example being a 53 year-old Strategic Automated Command and Control System at the Department of Defense that coordinates US nuclear forces and uses 8-inch floppy disks. In short, this ‘perfect storm’ of very old systems, tight budgets and being a prime cyber-crime target has created a stressful environment.”

Advanced technologies – and the role of encryption in protecting them
Pressures to use advanced technologies (cloud, Big Data, IoT, and containers) are only making the problem worse. While 92% of federal respondents will use sensitive data in an advanced technology environment this year, 71% of federal respondents believe this will occur without proper security in place.

On a positive note, encryption is cited as the top data security control (60%) for ensuring data privacy and enabling digital transformation through the use of advanced technologies. Additionally, 73% of respondents would increase their cloud-service deployments if offered data encryption in the cloud (with federal agencies maintaining control of the keys). Sixty-three% of respondents also list data encryption as the first choice for enabling further IoT deployments, and 55% cite encryption as the top security control for increasing container adoption.

Peter Galvin, VP of strategy, Thales e-Security says: “US federal agencies are fighting an uphill data-security battle. In addition to the issues cited, the federal sector has one of the most hopeful views of compliance, with 64% of respondents viewing it as ‘very’ or ‘extremely’ effective in preventing data breaches. As the breach count rises, it’s fair to question whether meeting compliance mandates are enough. There is encouraging news, however. Like their private sector peers, public sector IT employees are clearly interested in digital transformation through the use of new technologies. This innovation is admirable, but it must be paired with increased data security.”

Federal government agencies looking to existing legacy data sources while also taking advantage of advanced technologies should strongly consider:

• deploying security tool sets that offer services-based deployments, platforms and automation;
• discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
• leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies.

(Source: Thales)