A look at the state of government cybersecurity.

Cyber company Ivanti today released their Government Cybersecurity Status Report, surveying 800 public sector workers globally. Their report found that a “not my job“ attitude within the public sector has been pervasive, younger generations may be more lax on cyber security protections, and a weak cyber security culture within both government and its employees may be causing issues.

Employee disengagement is pervasive in the public sector.

Research found that government employees are increasingly having attitudes that cybersecurity is “not their job.” 34% of government employees report no belief that their actions are impactful to the safety of their organization. 36% of those surveyed shared that they did not report phishing emails received at work, with an alarming 21% showing a lack of care about whether or not their company gets hacked.

A generational divide in cybersecurity attentiveness.

The researchers shared that younger generations – Gen Z and Millennials – were actually found to be twice as likely to reuse passwords across devices than their Gen X and Baby Boomer counterparts. The increasing hybrid nature of the government workforce (70% of workers report remote work, at least occasionally) makes this statistic a little more alarming, Infosecurity Magazine points out.

Lack of cybersecurity culture within both the government and its employees.

Researchers also found that, worldwide, 29% of companies aren’t requiring partners or vendors to complete cyber training. Only 27% of employees in the government feel prepared to report cyber threats, with 17% reporting that they didn’t feel safe sharing security mistakes they’ve made with their cyber team.

“We are in a state of urgency when it comes to securing critical infrastructure, along with public sector employees and the extremely sensitive data they have access to,” said Ivanti’s Chief Product Officer, Srinivas Mukkamala. “Government leaders around the world have recognized this urgency and are taking steps to combat ransomware, misinformation, and to protect their critical assets and infrastructure. If we don't focus on cybersecurity as a team effort and provide proactive security measures that enable a better employee experience, security teams and governments will continue to face an uphill battle.”

(Added, 11:30 PM ET, March 9th, 2023. Roger Grimes, data-driven defense evangelist at KnowBe4, commented that the ransomware threat to government and other organizations in particular is unlikely to abate. "Ransomware targeting both Linux and Windows is not new," he said, "but this is a continued expansion where both platforms are being readily targeted. Don't expect this trend to reverse anytime soon. The future of malware and hacking are AI-driven bots that change their tactics on-the-fly based upon what they come upon. Expect most malware to behave as an intelligent, knowledgeable hacker in the near future, downloading additional components and expertise as it needs it, based on what it needs.")