According to new research from Tripwire, 95% of security pros in the private sector think the government should play a bigger role in securing non-governmental organizations (NGOs). More specifically, critical infrastructure representatives say they need improvement and enforcement of security standards (52%), including NIST guidelines. This is likely because only 49% of NGOs surveyed (critical infrastructure and others) have fully adopted NIST standards, yet they still identify ransomware as a primary security concern.
However, those on the federal side admit they don’t have it all together — 99% believe the government should be doing more to protect its own data and systems, and 24% think they are falling behind when it comes to preparedness to face new threats and breaches. They cite common challenges, like a lack of leadership prioritization, internal expertise, and resources.
When it comes to zero trust, both federal and non-governmental organizations agree this strategy could materially improve cybersecurity outcomes, but a lack of focus on integrity monitoring is where some organizations may fall short. Fifty percent agree that integrity monitoring is foundational to a successful zero-trust strategy, and 43% consider it at least somewhat important, but only 22% considered measuring integrity and security posture to be a core tenet of zero-trust architecture.
Fortunately, both federal and non-governmental organizations have responded to ransomware concerns stemming from attacks on critical infrastructure with preventative action — 98% of agencies report progress on executive orders on cybersecurity (nearly half see “significant” progress), and over 50% of non-government groups have taken specific steps to improve cybersecurity efforts.
Tripwire and Dimensional Research surveyed 306 security professionals, including 103 currently working for a United States federal government agency, with direct responsibility for security within their organization.
Read the full report by Tripwire.