Government IT managers in Canada are over-confident and reactive rather than proactive when it comes to protecting public data from security threats, a new study suggests.
Although 97.5 per cent of government IT security softwaredecisionmakers say their systems have been exposed to some sort of directsecurity threat or challenge in the past year – and 82.5 per cent havesuffered a data loss or breach in the sameperiod — 80 per cent ofthem still feel “confident” or “very confident” about their ability toprotect mission critical data.
Leger Marketing surveyed 40 randomly selected IT managers responsiblefor security software decisions at the federal, provincial andmunicipal government levels. They were polled in February for securitysoftware vendor McAfee Canada.
“I think there’s some reason to be tightening things up. Thirty percent have lost confidential information. That’s a fairly significantnumber,” said Doug Cooke, director of sales engineering at McAfeeCanada.
Another 30 per cent said they were subject to a privacy investigationas a result of a data loss or breach within the 12-monthperiodinvolved.
In addition to a disconnect between the confidence level of governmentIT security personnel and the actual reality of the threats they’veexperienced, the study also found the respondents to be reactive ratherthan proactive when it comes to security issues. Over half (57.5 percent) said they spent more time responding to security threats andrecovering from them after the fact than on identifying risksbeforehand.
Social media, BYOD threats
Social media and bring your own device (BYOD) trends are also creatingnew security headaches for government IT systems. Even though 62.5 percent allow employees to access social media sites from work, 56 percent of those permitting it believe it increases their risk of threats.And while 40 per cent let staff use personal devices for work, only 25per cent of those allowing the practice have a BYOD security policy inplace.
“(BYOD) is an increasing concern (that’s) probably not as big as thetargeted attacks … but it’s a growing area that needs to beconsidered,” Cooke said. “The amount of malware in newer Androiddevices that are coming out is much less and it’s not as sophisticatedas it is in the classic Windows environment. But (mobile) devices arenot protected as well as traditional Windows devices.”
McAfee also made recommendations for IT security managers at all threelevels of Canadian government:
– move towards creating a nationalmechanism to share security information and knowledge across variouslevels and departments of government as well as with the private sector
– increase awareness around the movementand protection of data
– move more quickly to respond and adaptto changing technology trends, such as BYOD and social media, sogovernment can develop security strategies to deal with them