90 percent of US federal agencies are vulnerable to data threats

According to new research 90 percent of IT security leaders in US federal agencies say they feel vulnerable to data threats.

In addition 61 percent have experienced a past data breach, with nearly one in five indicating a breach in the last year. This is among the findings of the US Federal Government Edition of the 2016 Vormetric Data Threat Report from enterprise data protection company Vormetric and 451 Research.

The top barriers to adopting better security are named as skill shortages at 44 percent, and budgets at 43 percent. Despite news stories highlighting the threat of nation state hacking, the top external threat actors identified were cybercriminals at 76 percent, with nation state hackers coming a distant fourth at 47 percent.

Bright spots in the report include that 58 percent are increasing spending to offset threats to data, and 37 percent are increasing spending on data-at-rest defenses this year. The top categories for increased spending over the next 12 months are network defenses at 53 percent, followed by analysis and correlation tools at 46 percent.

Network defenses are "very" effective at safeguarding data, according to 60 percent of respondents, more than any other vertical and well above the US average of 53 percent. With data-at-rest defenses seen as the most effective tools for protecting data once other defenses have failed, surprisingly these were ranked last in terms of US federal spending plans, with just 37 percent planning to increase their spending on data-at-rest defenses, compared to the US average of 45 percent.

However, many respondents are planning to implement "newer" security tools that are more effective at protecting data even when other defenses have been compromised. These include cloud security gateways (40 percent), application encryption (34 percent), data masking (31 percent) and tokenization (27 percent).

"Albert Einstein's oft-used quote is fitting -- if doing the same thing over and over and expecting a different result isn't the definition of insanity, it is certainly a recipe for placing our nation’s critical assets at risk", says vice president of Marketing for Vormetric, Tina Stewart. "Public sector organizations need to realize that doing more of the same won't help us achieve an improved data security posture. More attention must be paid to techniques that protect critical information even when peripheral security has failed, and data-at-rest security controls such as encryption, access control, tokenization and monitoring of data access patterns are some of the best ways to achieve this".

More information is available in the full report which you can download from the Vormetric website.

Image Credit: Brian A Jackson / Shutterstock