US Federal agencies reported more breaches last year (57 percent) than any other industry sector by a wide margin, well ahead of the global average of 36 percent according to a new report.
Yet the findings from Thales eSecurity show that only 42 percent of government respondents claim to be 'very' or 'extremely' vulnerable, compared to 68 percent of US respondents across the board.
In the past year 57 percent of federal respondents have experienced a data breach. This marks a big jump from the 2017 report where 34 percent were breached and the 2016 report (18 percent). In contrast only 26 percent of non-US government agencies worldwide experienced a breach in the past year.
The report also highlights the growing government use of cloud services. 45 percent of US federal respondents now use more than five Infrastructure-as-a-Service vendors and nearly half (48 percent) use more than 100 Software-as-a-Service applications. Over two-thirds (72 percent) of respondents express concerns about increased vulnerabilities from shared infrastructures, other worries include custodianship of encryption keys (62 percent) and security breaches in the cloud (68 percent).
Almost all (93 percent) of respondents are increasing spending this year. On the surface this may appear encouraging, but a deeper probe reveals 56 percent still plan to spend the most on endpoint security and 48 percent on network security. Only 19 percent will spend the most on data-centric security solutions, such as encryption and tokenization.
"Encryption can be viewed as complex, and the management of encryption keys challenging for organizations dealing with budget and staffing limitations," says Nick Jovanovic, vice president of Thales eSecurity Federal. "But federal government agencies can start by selecting encryption and key management technologies that offer a smart, centralized approach and work across clouds, on-premises and in data centers. A good example of this is the 47 percent of respondents who plan to implement 'bring your own key' solutions to remotely manage their cloud deployments, which will assist them in better protecting and controlling their data."
You can read more in the 2018 Thales Data Threat Report available from the company's website.