Public sector IT leaders and their IT teams aren’t seeing eye-to-eye when it comes to cybersecurity, a new report from Sophos claims.
There is a significant discrepancy in how these two groups of people perceive the data they’re handling. CIOs and CISOs generally believe their organisation’s digital data isn’t as valuable as the data generated by private sector companies, even though they too handle highly sensitive, confidential and personally identifiable data.
Sophos argues this could mean public sector organisations aren’t as diligent as they should be when it comes to protecting their data, leading to risks.
“Sensitive data for up to 66 million UK citizens could become available to the highest bidder on the dark web or among other criminal groups that buy and sell personally identifiable information (PII) like names, addresses, National Insurance numbers, tax returns, confidential medical records, passport details, and more. Cybercriminals can then use this data for spear-phishing, identity theft, breaching networks, or extortion,” said Jonathan Lee, UK director of Public Sector Relations at Sophos.
“Data relating to the nation’s strategic intelligence and defence, such as surveillance records and tactical plans, is also at risk and could have catastrophic consequences for national security if leaked.”
And it’s not like they’re not being targeted by criminals, either. Three quarters of senior IT leaders confirmed their organisations were attacked with ransomware within the last year. Fewer than one in five IT practitioners were even aware of these events.
The same goes for actual breaches. While almost half of IT leaders spotted an increase in security incidents and breaches, just eight per cent of IT practitioners said the same thing.
“Better communication across teams, more effective knowledge sharing and clearly defined processes are essential if we are to make the UK public sector as secure as it needs to be,” Lee concluded.