One-Third of Government Worker Respondents Believe They are More Likely to be Struck by Lightning Than Have Their Organizations’ Data Compromised
SAN JOSE, California – Mar. 13, 2018 – Dtex Systems™, a leader in user behavior intelligence and insider threat detection, today released a new report, “Uncovering the Gaps: Security Perceptions and Behaviors of Today’s Government Employees,” focusing on notable trends captured in a survey of government workers when it comes to organizational security. The workers are presumed to be some of the most security conscious – those with security clearance across federal, state or local levels. The results, in aggregate, signal an absence of personal accountability and a widespread expectation among respondents that it is the organization that assumes full responsibility of protecting sensitive work data and devices.
Against a backdrop of growing concerns of large-scale cyber attacks and a recent wave of high-profile breaches linked to insider threats, the data reveals a potentially dangerous disconnect among government employees when it comes to tying their individual behaviors – both responsible and risky – to the potential effects on organizational security. Some of the most salient findings in the report are:
A deflection of personal responsibility when it comes to workplace security. Almost half (48 percent) of respondents think responsibility for securing organizational data and devices falls squarely on IT professionals, senior leadership and colleagues, with only 13 percent putting the onus completely on themselves as individuals.The need to find a middle ground key for employee security attitudes. More than half of employees (56 percent) believe that it’s likely that someone already has unauthorized access to their personal information, or that no matter what they do to protect themselves, hackers will find a way in (53 percent). On the other end of the spectrum, 43 percent of respondents exhibit a high level of confidence in the belief that their organization will probably never be compromised. In fact, one in three believe they’re more likely to be struck by lightning than see their organization’s data compromised.Desensitization to the high probability and potential dangers of data compromise. When looking at what government employees fear most, only 14 percent report being afraid of someone infiltrating their organization and stealing files, trailing far behind potential scenarios such as a government collapse or food poisoning, and ranking it just three percentage points higher than alien invasion.
“We’re all – as individuals, as organizations and as a country – facing near-constant security attacks from trusted insiders, malicious cyber criminals or nation-state actors,” said Christy Wyatt, CEO at Dtex Systems. “With the increasing regularity and broad scope of insider-related incidents and breaches, it is critical that public sector organizations improve security protocols and double down on intelligence-based, user-centric technology investments. The ability to both monitor and develop a contextual understanding of user behavior in real time is crucial – not just in detecting and mitigating insider threats, but ultimately ensuring the continued safety of our nation.”
Gaps in knowledge versus engagement: The lack of personal responsibility and accountability may be to blame for what is a notable discrepancy among survey respondents in understanding what responsible security behavior looks like and engaging in that behavior. For example, an overwhelming percentage of respondents perceive responsible security habits such as using an encrypted file system or reporting a colleague’s risky behaviors as important (90 and 86 percent respectively), but fewer than one in three reported having done either in the last 60 days.
Gaps in risk perception and identification: When it comes to identifying and avoiding what is typically deemed irresponsible or risky behavior, respondents revealed a significant gap. Of the government employees surveyed, only one in three (31 percent) believe that accessing company files or a work email account on their personal devices poses a security risk – and less than half see emailing confidential data or bypassing security protocols as potentially dangerous activities.
“Insider threats are plaguing the nation’s government organizations, no matter their size or focus – from the White House to political campaigns to local department offices,” said Jeff Miller, Director of US Public Sector at Dtex. “Each government employee has the potential to create a vulnerability with a single decision or action, and when they fail to recognize their role as ‘insiders,’ the risk to the organization increases exponentially as a result. With complete visibility into user behavior, it’s possible to spot the inconsistencies that equate to potential risks, improve employee education by identifying teachable moments and minimize the chances of a catastrophic cyber attack.”
Gaps in insider threat education: More than three-quarters of respondents (77 percent) are confident their organization has an educational program about insider threats but demonstrated a lack of basic understanding of the term. While 42 percent of respondents say insider threats pose the greatest risk to the security of their organization, nearly the same number (40 percent) – less than half – were able to correctly identify “insider threat” as an IT term. This, compounded by negligent and risky behaviors, indicates a significant need for continued and improved education across the public sector, from the federal government to small local agencies.
To produce this report, Dtex analyzed the results of a survey conducted by market research and data analytics firm YouGov of more than 1,000 public and private sector employees based in the United States. The findings reflect the data collected from a subset of survey respondents – comprised solely of full-time or part-time government employees with security clearance working at the federal, state or local level.
Dtex will present the findings of this report in a live webinar hosted by partner Carahsoft at 2 p.m. EDT, March 22. To register, please visit: http://carahevents.carahsoft.com/Event/Details/52836-dtex. To download a copy of the report, “Uncovering the Gaps: Security Perceptions and Behaviors of Today’s Government Employees,” please visit: www.dtexsystems.com/uncovering-the-gaps.
About Dtex Systems
Dtex Systems arms enterprises across the globe with revolutionary technology to protect against user threats, data breaches, and outsider infiltration. As the only solution combining unparalleled endpoint visibility with advanced analytics, Dtex is able to pinpoint threats with greater accuracy than traditional security methods without adversely impacting user productivity. To learn more, visit www.dtexsystems.com.