The report revealed that hybrid work has opened up yet another frontier of vulnerability, with 70% of government workers reporting they work virtually at least some of the time. The proliferation of devices, users, and locations adds complexity and new vulnerabilities for government security teams to tackle – while also combatting increasingly sophisticated threat actors.
With generative AI making phishing emails increasingly more realistic, the human-sized gaps in cybersecurity are placing government agencies and organizations at increasing risk of a successful ransomware attack. The report found that 5% of government workers have fallen victim to a phishing attempt – either by clicking a link or sending money.
According to the report, a “not my job” attitude is contributing to the security risk for the public sector:
• 34% of government employees do not believe their actions impact their organization's ability to stay safe
• 17% don’t feel safe reporting security mistakes they’ve made to the cybersecurity team
• 36% did not report a phishing email they received at work
• Alarmingly, 21% don’t care if their organization gets hacked
“We are in a state of urgency when it comes to securing critical infrastructure, along with public sector employees and the extremely sensitive data they have access to,” said Srinivas Mukkamala, Chief Product Officer at Ivanti. “Government leaders around the world have recognized this urgency and are taking steps to combat ransomware, misinformation, and to protect their critical assets and infrastructure. If we don't focus on cybersecurity as a team effort and provide proactive security measures that enable a better employee experience, security teams and governments will continue to face an uphill battle.”
The report also revealed that Gen Z and Millennials are not savvier than Gen X or Baby Boomers when it comes to password security and mismanagement. In fact, Gen Z and Millennial government workers are more than twice as likely to reuse passwords between home and use the same password across multiple devices and logins. Employees in all industries and generations continue to use sticky notes, pet names, birthdays, and the favorite unbreakable code: ‘12345.’
Cybersecurity and automation provide powerful frontline protection for government organizations – but security teams need to evaluate new policies or technologies through the lens of digital employee experience, to ensure that employees don’t seek ways around the so-called solution. With just 27% of government workers feel “very prepared” to recognize and report threats like malware at work, it is vital for organizations to focus on improving the digital employee experience so that they don’t have to rely on an employee's ability to recognize a threat.
Misinformation and ransomware can wreak havoc on public safety, global commerce and diplomacy – and even cost lives. Government organizations are particularly vulnerable, because they hold the keys to systems and messages that threat actors want to disrupt and exploit. It’s critical to futureproof our governments and agencies in comparative “peacetime” as many organizations take critical steps after a catastrophic attack.