Although there’s a glut of bean counters more concerned about how much traffic a website attracts, a research report from Cisco finds only 30% of public-sector security professionals said their organizations use penetration testing and endpoint or network forensics tools. Cisco reports that such tools are considered key pillars of a defense-in-depth security strategy, making their lack of adoption worrisome.
Agencies that do not have enough cybersecurity staff may also not investigate threats as thoroughly as they need to. According to the report, nearly 40% of public-sector organizations say that of the thousands of alerts they see daily, only 65% are investigated. Of great concern, 32% of those investigated threats are identified as legitimate, but only 47% of those legitimate threats are eventually remediated, Cisco said.
To truly examine a large number of daily cybersecurity alerts, a public-sector agency might need dozens of security staffers, yet they rarely have enough staff. The report said that 35% of public-sector organizations have fewer than 30 employees dedicated to security. Additionally, 27% believe a lack of trained personnel is a major obstacle to adopting advanced security processes and technology, the report said.
The report also found that the cloud is a whole new frontier for hackers, who are increasingly exploring its potential as an attack vector because cloud systems are often "mission-critical" for organizations. Hackers also recognize that they can infiltrate connected systems faster by breaching cloud systems.
According to Cisco, some of the largest breaches to date began with the compromise and misuse of a single privileged user account. The average enterprise today has more than 1,000 unique apps in its environment and more than 20,000 different installations of those apps. Cisco said its threat researchers examined 4,410 privileged user accounts at 495 organizations and found that six in every 100 end users per cloud platform have privileged user accounts, with many organizations having an average of two privileged users that carry out most of the administrative tasks.
If your curiosity is piqued, you can read the full Cisco report.