Data security at government agencies is a growing concern. The GAO has been releasing studies indicating persistent weaknesses in security programs in all 24 federal agencies as well as a growing rate of security incidents. Despite only accounting for 8.4% of data breaches in 2015, there is no question that the government sector faces some of the most stringent public scrutiny when it comes to data security.
A new study from MeriTalk and Palo Alto Network examines the “Endpoint Epidemic” in federal agencies, examining endpoint security strategies in particular across federal agencies. As the report notes, federal agencies have seen a renewed interest in digital-first strategies, with a greater volume and variety in endpoint devices. As with other industries, this has led to an increase in cyber vulnerabilities. The report examines how federal agencies are dealing with the vulnerabilities introduced on the endpoint.
Given the poor reports from the GAO on government data security, it’s perhaps unsurprising that this new report indicates that 44% of government endpoints are either unknown or unprotected. Survey respondents estimate that nearly a third of network-connected devices have been infected with malware, which can compromise data and network access on the device, or be transferred to the network itself.
Half of survey respondents believe their agency isn't taking steps to validate users or apps and nearly half believe their endpoint security policies are not well integrated into overall IT security. Despite these red flags, there is a mistaken believe by 54% that current policies are effective, practical or enforceable. This overconfidence is an issue that plagues many industries, causing complacency that results in unnecessary data breaches.
The survey indicates that visibility over endpoints is one of the key problems. Many endpoint devices remain unknown or unprotected. Further, nearly half of employees surveyed who use personal devices have not even reviewed BYOD policies (if they exist), so there exists gaps in awareness and training as well.
Delivering on the promise of data security while working with government agencies is more challenging than ever before. It’s vital that government agencies know where all endpoints are (including BYOD devices) and that data is constantly protected, with alerts to any irregularities to hardware, software or user behaviour. Government customers trust Absolute as a proven partner and a technology leader in persistent endpoint security and data risk management, providing unprecedented visibility into the endpoint. Learn more about Absolute’s solutions to address data security and mobility in the public sector here.