19 May 2020, Theale, UK – A lack of awareness among public sector employees around cybersecurity is leaving it vulnerable to ransomware and other forms of cyber-attack, according to new research today from data security provider Clearswift, a Fortra Company.
The research with 1,000 public sector employees, revealed that almost half of respondents (47%) have either not heard of, or do not know what ransomware is, with 42% not having heard of, or what two-factor authentication (2FA) is. This lack of cybersecurity awareness is compounded by a lack of training – 77% of respondents have been given no instruction in how to recognize ransomware, while 16% have had no cybersecurity training whatsoever and 13% just once.
“The public sector has seen significant developments since WannaCry but these findings suggest that there is still progress to be made,” said Alyn Hockey, VP of Product Management, Clearswift, a Fortra Company. “As we’ve seen the volume and variety of cyber-attacks increase, especially during the coronavirus lockdown period, it’s an on-going fight for the public sector to stay protected and constant and incremental improvements are the key to success. The right technology is important of course, but of equal value is ensuring that employees are fully aware of cybersecurity best practices and that the right processes are in place to mitigate the risk.”
The research, ‘The Unknown Threat – Cybersecurity in the UK Public Sector’ revealed that public sector employees were not all using the most up-to-date operating systems that help defend against cyber-attacks. 11% still use Windows 7 and 6% still use Windows 8, a key area of vulnerability if those systems have not been updated with the latest patch, as was the case with WannaCry. There is also a lack of access to experts who can advise on what to be aware of regarding cybersecurity – 68% say there is no dedicated cybersecurity expert in their organization and only 12% have communicated with a cybersecurity expert in the last six months.
This is all compounded by working habits that can also leave the organization more vulnerable to an attack. These include using unsecure file-sharing systems such as Dropbox or WeTransfer at least once a day (25%); personal USB sticks at least once a week (38%); checking personal email several times a day (51%) and using unauthorized devices at least once a day (33%).
However, there was more encouraging news should a public sector employee suspect they had become the victim of a cyber-attack at work. A majority of respondents (84%) said they would know what to do if that happened.
With the coronavirus crisis bringing increased cyber-attacks alongside many public sector workers working from home, the current period is an opportune time to address security vulnerabilities. Even as we gradually emerge from the pandemic, local government and the wider public sector is under pressure to maintain public services whilst also remaining secure, so it’s right to think about how that could be achieved.
“The UK public sector has put in place many of the processes required to defend against ransomware and other cyber-attacks,” continued Alyn Hockey, Clearswift. “But recent events have demonstrated a clear need for more cyber vigilance and it’s an on-going battle in defending the public sector against cybercrime. Communicating clearly about the dangers of ransomware and updating legacy operating systems would be a great start, ahead of a broader look at overall cybersecurity strategies.”
The Clearswift report – ‘The Unknown Threat – Cybersecurity in the UK Public Sector’ – is available to download here.
About the research
The research was conducted with 1,000 UK public sector workers in local and central government by onepoll, between 9 and 13 March 2020.
Clearswift’s content-aware, policy based solutions enables defense, government, healthcare and financial services organizations across the globe to manage and maintain no-compromise data, email, cloud and web security.
MRB Public Relations
+1 732 758 1100
+44 118 334 0220