Enterprises are struggling to maintain and manage the security of their hybrid environments. A recent report found that complexity of internal environments is one of the most significant obstacles for organizational IT security. 

“When it comes to security complexity, the fact that the attack surface has continued to grow (with cloud, on-prem, and more SaaS services) it comes down to a lot of different environments and systems being suddenly brought together without a unified security view. In addition, the battlefield of the Internet of Things continues to compound the problem, as another key public sector example,” said Brandon Shopp, vice president for product strategy at SolarWinds. 

The Public Sector Cybersecurity Survey Report is based off of 400 IT operations and security decision makers. 

In addition to complexity, education, budget constraints and insider threats are also plaguing the public sector cyber readiness. The report found 52% of respondents cite insiders as a top threat and 54% find the general hacking community a top threat. 

“It’s surprising that careless insiders continue to be the top threat concern, a trend we’ve seen continue for over five years in the public sector and beyond. Security isn’t new and it’s worrisome that organizations haven’t solved the insider problem enough, to the point where it’s not still their top threat worry,” said Shopp. 

Shopp explained that the theme at the RSA security conference this week is the “human factor,” with everyone thinking about how they play  a role and risk in security. “The public sector has a particularly difficult problem, since they tend to employ so many contractors. Training and education is one of the most important security levers organizations can pull to help reduce the attack potential,” said Shopp. 

Other findings include respondents feel they are most mature in endpoint protection, continuity of operations, and identity and access management. Additionally, less than half of the public sector respondents feel confident in their team’s ability to keep up with evolving threats. 

“Asking how cybersecurity issues can be tackled is a big question. I’d say one of the most important things is to pay attention to the basics; don’t forget patching, deploying AV, turning on MFA, doing backup, etc. We know that some of our largest breaches in history occurred because of something as simple as not patching. Without the basics, the bad guys have easy access to an organization’s data,” said Shopp.