In September 2021, Tripwire released its annual report to examine the actions taken by the U.S. federal government to improve cybersecurity. The report also looks at non-government organizations so that we may catch a glimpse of the differing views and approaches of each, which makes for interesting (and revealing) insights.

The results of such surveys are also worthy of examination and discussion, as they are relevant to the United States and offer us an opportunity to examine our attitudes towards cybersecurity. If the UK Government is reading this blog post (‘hello to you!’), I would urge them to look at the lessons we can take from this survey and apply the same critical thinking to our own approach to cybersecurity. This is because there are undoubtedly similar opinions in the UK as there are in the United States. How can I know this for sure? Well, there’s no way of knowing for sure without conducting a survey in the UK, but anecdotally, the areas that the survey highlights are neither revolutionary nor earth-shattering to anyone within the industry.

The UK Government would do well to take on board the messages the survey has to offer. To ignore them could be detrimental to us all.

Security Standards

First, let’s recognize that the only standard that gains any real attention in the report is the National Institute of Standards and Technology (NIST) standard. But it’s good to see that although half of the non-governmental organizations have not fully adopted NIST standards, half have. With 31% stating they (somewhat) follow the guidelines, 24% state they strictly follow the standard. Thankfully, only 3% asked, “What is NIST?” 

This tells us that security standards are being adopted in organizations (government or non-government), with 66% reporting that NIST is either ‘Extremely (Read more...)