
Five Cybersecurity Insights for the Public Sector

A new global study conducted by Ponemon Institute explores cyber risk in the public sector: What are the top priorities for public sector cybersecurity leaders in 2019? Why has preventing attacks on OT become a major concern?

Cybersecurity in Public Sector: Five Insights You Need to Know presents the results of a Ponemon Institute study, sponsored by Tenable, which queried 244 public sector professionals on four continents regarding their current cybersecurity operations. The respondents represented a proportional mix of leadership, management and operations roles in both IT and information security. The breadth of respondents is important because the results, therefore, reflect the opinions of those who create cyber strategy, those who implement it and those who face the day-to-day realities of this complex subject.

In this blog post, I’ll summarize the key findings from the study as well as offer my own insights to help explain what is driving the respondents’ opinions.

Cybersecurity in public sector: five insights you need to know

The five insights presented in the study and the order in which they appear are equally important for understanding the current posture of public sector cybersecurity. The first insight from the study is that public sector cyber-related attacks are ceaseless. In fact, 88% of public sector organizations have suffered at least one damaging cyberattack over the past two years; 62% have experienced two or more. Cyberattacks in the public sector were rampant for many years prior to 2019 and will remain so well into the future.

However, the second insight – that attacks on IoT and OT assets are now a top priority – is an emerging concern that directly impacts the remaining three insights. IoT and OT assets create a larger number of potential vulnerabilities, requiring both enhanced visibility (third insight) into an expanded attack surface and staff who know how to cover these new assets.

Furthermore, the expanded attack surface alters the relationship between cyber risk and business risk (fourth insight) by adding the catastrophic effects of a loss of critical IoT or OT services to the mix. This would be similar to planning for a hurricane or other natural disaster, but without the “natural” part.

Finally, the number of incremental vulnerabilities inherent in an expanded attack surface demands better prioritization of those vulnerabilities (fifth insight) for remediation to stay one step ahead of the bad guys.

It’s time to pay more attention to the entire attack surface, including IoT and OT

Here are my insights that provide additional context for the study’s findings:

  • The easy stuff is done already. Public sector cyber professionals have done an excellent job promoting basic cyber hygiene among public sector employees. As a result, phishing attacks have been dramatically reduced in the public sector. This means that more attention can now be given to complex threat vectors that target IoT and OT.
  • Digital transformation has expanded the attack surface. The swift pace of digital transformation in the public sector has created a swift expansion of the digital attack surface, with more IoT and OT devices being used to improve community services. “Smart city” and “smart state” initiatives have increased demand for new mobile applications and interconnected devices, all of which is increasing the number of threats confronting public sector IT and infosec professionals.
  • Converged IT/OT environments. Public sector IT and cybersecurity leaders are increasingly being asked to manage a converged IT/OT environment, requiring them to adopt methods and tools that help to identify, prioritize and remediate vulnerabilities more efficiently.
  • Cyber is cool. Today’s youth have had “eyes on glass” since before they could walk. High schools teach information security courses. Universities now grant degrees in information security. The military has created scads of new cyberwarrior roles. All this means cyber is now officially cool. Unfortunately for public sector IT and security professionals, this means recruiting and retention have become infinitely harder.

For a closer look at the study, download Cybersecurity in Public Sector: Five Insights You Need to Know now.
