Navigating data protection in the public sector
Public Sector Organisations continue to be a top target among today’s cybersecurity threats. From malicious insiders to data spillage and phishing attacks, the government sector is a complex landscape with a tremendous amount of sensitive information.
So, how can government agencies keep their critical data protected from these evolving threats?
“If an organisation wants to be successful at solving this [data security] problem, they need to focus on the data first,” says Justin Wilkins, Varonis Director of Sales Engineering.
He added how important it is for public sector organisations to focus on what’s happening internally, as well as externally, so they can minimize insider risks.
Despite agencies having robust security operations, Justin says that when Varonis conducts phishing simulations, at least one percent of users click on links and enter their credentials. This is an issue because the scale of the problem can create a giant vector for attack.
“There's been less of a focus on protecting data that lives within the network,” he said. “The reason why this is a challenge is because attackers are becoming more sophisticated. Things like social engineering and phishing are still remarkably effective. Ultimately, far more data is exposed to users than necessary.”
By focusing on your data first, you’ll increase visibility and monitoring, which can significantly reduce your blast radius and limit the damage that could be caused in the event of an incident.
Trevor Brenn, Engineering Manager at Varonis, brought up the point that while AI has generated a huge boom for organisations, we need to approach the technology cautiously due to the risks involved.
“These tools can easily surface sensitive data that [users] have access to but didn’t know. On top of that, as groups get more advanced in AI, they’re going to want to train their own models or fine-tune existing ones. If they end up sweeping up top-secret data, it’s going to be permanently ingrained in the model,” Trevor said. “We have to be cautious in approaching this to make sure we do it in the correct way, to actually reap the benefits appropriately.”
Varonis protects the public sector from the risks of generative AI with our cloud-native Data Security Platform, which provides a real-time view of risk and the ability to automatically enforce least privilege.
Justin adds that with gen AI tools making data more accessible, organizations need to think about cyberattacks being inevitable. It’s a matter of when, not if.
At Varonis, we conduct thousands of risk assessments across both private and public sectors every year and find that the average organization has 20 percent of their data exposed org-wide or externally.
“We need to reduce our blast radius. We need to restrict the data exclusively. That’s going to go a long way in limiting the damage that could be caused in the event of a breach,” Justin said.
Whether it’s risks from generative AI, adapting to cloud environments, or educating and empowering employees with best practices, one thing is clear: It all starts with data. Protecting sensitive information should continue to be a top focus for federal security teams.
“We have to make sure we’re cautious and have a good handle on where sensitive data is and how users are interacting with it, or it can end up drowning us,” Trevor said.
Varonis can help your team address the biggest security risks with virtually no manual effort and protect your sensitive data from getting into the wrong hands. The best way to get started is with a free Data Risk Assessment.
In less than 24 hours, you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation with no strings attached. Get started today.
This article was sponsored by Varonis.
Holyrood Newsletters
Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe