Report: Nearly One-Third Of Federal Agencies Experience Daily Cybersecurity Incident

 

CDW Government Inc. recently released its 2009 Federal Cybersecurity Report, which found that across federal civilian and Department of Defense agencies, the number and severity of cybersecurity incidents has stayed the same or increased in the last year, with nearly one-third of Federal agencies experiencing a cybersecurity incident daily.

The report, based on a September survey of 300 federal IT security professionals, identifies agency cybersecurity threats, steps federal IT professionals are taking to combat them and opportunities for improvement. 

Defense and civilian IT security professionals say external sources are their agency/network’s biggest threat overall, with defense agencies indicating state-sponsored cybersecurity-warfare programs as their most significant external cybersecurity issue.  For civilian agencies, independent international hackers and software problems are the biggest external challenges. 

At the same time, internal threats such as inappropriate Web surfing, lax user authentication and loss of computing devices continue to leave agencies vulnerable to cybersecurity threats.  Respondents cite malware, inappropriate employee activity and remote-user access as the top cybersecurity challenges they face each day -- and that remote computing challenges are increasing more than all others.

“Fundamentally, cybersecurity is not just a technology issue -- it is a management and cultural challenge for federal agencies,” said Andy Lausch, vice president of federal sales for CDW-G.  “Federal IT security professionals are engaging in the cybersecurity war on multiple fronts, and they need the participation of the Federal employees, managers and senior staff that they support.  First and foremost, federal IT security professionals are calling for increased end-user education, both to reduce internal cybersecurity incidents and to close the door to external threats.”

In response to growing threats, the majority of Federal IT security professionals on the front lines say their requirements for network monitoring/intrusion prevention, encryption, user authentication, end-user education, patch management and network access control have increased or significantly increased during the last year -- yet just half say they have adequate budget to meet their cybersecurity needs. 

Agencies may see budget relief during the next few years, according to an October forecast on information security spending by market research firm INPUT, which projects Federal spending on information security products and services will increase from $7.9 billion in 2009 to $11.7 billion in 2014 in direct response to heightened attacks, evolving threats and presidential and congressional focus on cybersecurity improvements. 

To address cybersecurity issues, agencies are taking a multifaceted approach, focusing on end-user training for internal challenges and cybersecurity tools for external threats.  To address avoidable end-user mistakes and reduce vulnerabilities, 82 percent of agencies provide ongoing training classes on security policies and procedures.  To combat external threats, 81 percent have an Internet firewall and 71 percent have intrusion protection/detection. 

However, despite agency training commitments and technology implementations, many agencies still experience avoidable internal risks.  More than 70 percent of agencies have experienced inappropriate Web surfing/downloads in the last 12 months, and more than 40 percent have seen the unauthorized transfer of sensitive information.  As a result, Federal civilian and defense agencies agree that their No. 1 priority for improving agency cybersecurity is more end-user education.

Based upon the findings of the 2009 Federal Cybersecurity Report, CDW-G recommends that federal agencies: 

  • Reassess end-user training:  Establish programs and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement.  Establish consequences for non-compliance with agency cybersecurity policies.
  • Address the mobile threat:  Implement a tiered security architecture for mobile assets such as two-factor authentication, VPN sessions, data-at-rest encryption, remote Web filtering and end-point security software to ensure mobile devices are compliant and within policy.
  •  Implement industry-standard technologies:  To reduce malware threats and enforce acceptable use policies, assess the agency enterprise and implement basic cybersecurity tools across the agency enterprise.
  • Participate in the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections.  Participants confirm improved security.

“During the last several years, Federal agencies have proven they can do more with less in challenging budget environments,” Lausch said.  “Unfortunately, they are simply outpaced by organized crime, increasingly sophisticated hackers and state-sponsored professionals.  It is time for computer users to step up and take an active role in cybersecurity efforts.  Much like Americans have made recycling an everyday task, it is time for users to form a new habit -- making smart, network-protecting activity a part of their daily routines.”

CDW-G’s online survey, taken during September, collected responses from 150 Federal civilian and 150 defense IT professionals familiar with their agency’s cybersecurity measures and challenges.  The margin of error for the total sample is ±5.7 percent at a 95 percent confidence level. 

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3