Tenable Blog

Five Cybersecurity Insights for the Public Sector

A new global study conducted by Ponemon Institute explores cyber risk in the public sector: What are the top priorities for public sector cybersecurity leaders in 2019? Why has preventing attacks on OT become a major concern?

Cybersecurity in Public Sector: Five Insights You Need to Know presents the results of a Ponemon Institute study, sponsored by Tenable, which queried 244 public sector professionals on four continents regarding their current cybersecurity operations. The respondents represented a proportional mix of leadership, management and operations roles in both IT and information security. The breadth of respondents is important because the results, therefore, reflect the opinions of those who create cyber strategy, those who implement it and those who face the day-to-day realities of this complex subject.

In this blog post, I’ll summarize the key findings from the study as well as offer my own insights to help explain what is driving the respondents’ opinions.

Cybersecurity in public sector: five insights you need to know

The five insights presented in the study and the order in which they appear are equally important for understanding the current posture of public sector cybersecurity. The first insight from the study is that public sector cyber-related attacks are ceaseless. In fact, 88% of public sector organizations have suffered at least one damaging cyberattack over the past two years; 62% have experienced two or more. Cyberattacks in the public sector have been rampant for many years prior to 2019 and will remain so well into the future.

However, the second insight – that attacks on IoT and OT assets are now a top priority – is an emerging concern that directly impacts the remaining three insights. IoT and OT assets create a larger number of potential vulnerabilities, requiring both enhanced visibility (third insight) into an expanded attack surface and staff who know how to cover these new assets.

Furthermore, the expanded attack surface alters the relationship between cyber risk and business risk (fourth insight) by adding the catastrophic effects of a loss of critical IoT or OT services to the mix. This would be similar to planning for a hurricane or other natural disaster, but without the “natural” part.

Finally, the number of incremental vulnerabilities inherent in an expanded attack surface demands better prioritization of those vulnerabilities (fifth insight) for remediation to stay one step ahead of the bad guys.

It’s time to pay more attention to the entire attack surface, including IoT and OT

Here are my insights that provide additional context for the study’s findings:

  • The easy stuff is done already. Public sector cyber professionals have done an excellent job promoting basic cyber hygiene among public sector employees. As a result, phishing attacks have been dramatically reduced in the public sector. This means that more attention can now be given to complex threat vectors that target IoT and OT.
  • Digital transformation has expanded the attack surface. The swift pace of digital transformation in the public sector has created a swift expansion of the digital attack surface, with more IoT and OT devices being used to improve community services. “Smart city” and “smart state” initiatives have increased demand for new mobile applications and interconnected devices, all of which is increasing the number of threats confronting public sector IT and infosec professionals.
  • Converged IT/OT environments. Public sector IT and cybersecurity leaders are increasingly being asked to manage a converged IT/OT environment, requiring them to adopt methods and tools that help to identify, prioritize and remediate vulnerabilities more efficiently.
  • Cyber is cool. Today’s youth have had “eyes on glass” since before they could walk. High schools teach information security courses. Universities now grant degrees in information security. The military has created scads of new cyberwarrior roles. All this means cyber is now officially cool. Unfortunately for public sector IT and security professionals, this means recruiting and retention have become infinitely harder.

For a closer look at the study, download Cybersecurity in Public Sector: Five Insights You Need to Know now.
