Report: Nearly One-Third Of Federal Agencies Experience Daily Cybersecurity Incident

 

CDW Government Inc. recently released its 2009 Federal Cybersecurity Report, which found that across federal civilian and Department of Defense agencies, the number and severity of cybersecurity incidents has stayed the same or increased in the last year, with nearly one-third of Federal agencies experiencing a cybersecurity incident daily.

The report, based on a September survey of 300 federal IT security professionals, identifies agency cybersecurity threats, steps federal IT professionals are taking to combat them and opportunities for improvement. 

Defense and civilian IT security professionals say external sources are their agency/network’s biggest threat overall, with defense agencies indicating state-sponsored cybersecurity-warfare programs as their most significant external cybersecurity issue.  For civilian agencies, independent international hackers and software problems are the biggest external challenges. 

At the same time, internal threats such as inappropriate Web surfing, lax user authentication and loss of computing devices continue to leave agencies vulnerable to cybersecurity threats.  Respondents cite malware, inappropriate employee activity and remote-user access as the top cybersecurity challenges they face each day -- and that remote computing challenges are increasing more than all others.

“Fundamentally, cybersecurity is not just a technology issue -- it is a management and cultural challenge for federal agencies,” said Andy Lausch, vice president of federal sales for CDW-G.  “Federal IT security professionals are engaging in the cybersecurity war on multiple fronts, and they need the participation of the Federal employees, managers and senior staff that they support.  First and foremost, federal IT security professionals are calling for increased end-user education, both to reduce internal cybersecurity incidents and to close the door to external threats.”

In response to growing threats, the majority of Federal IT security professionals on the front lines say their requirements for network monitoring/intrusion prevention, encryption, user authentication, end-user education, patch management and network access control have increased or significantly increased during the last year -- yet just half say they have adequate budget to meet their cybersecurity needs. 

Agencies may see budget relief during the next few years, according to an October forecast on information security spending by market research firm INPUT, which projects Federal spending on information security products and services will increase from $7.9 billion in 2009 to $11.7 billion in 2014 in direct response to heightened attacks, evolving threats and presidential and congressional focus on cybersecurity improvements. 

To address cybersecurity issues, agencies are taking a multifaceted approach, focusing on end-user training for internal challenges and cybersecurity tools for external threats.  To address avoidable end-user mistakes and reduce vulnerabilities, 82 percent of agencies provide ongoing training classes on security policies and procedures.  To combat external threats, 81 percent have an Internet firewall and 71 percent have intrusion protection/detection. 

However, despite agency training commitments and technology implementations, many agencies still experience avoidable internal risks.  More than 70 percent of agencies have experienced inappropriate Web surfing/downloads in the last 12 months, and more than 40 percent have seen the unauthorized transfer of sensitive information.  As a result, Federal civilian and defense agencies agree that their No. 1 priority for improving agency cybersecurity is more end-user education.

Based upon the findings of the 2009 Federal Cybersecurity Report, CDW-G recommends that federal agencies: 

  • Reassess end-user training:  Establish programs and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement.  Establish consequences for non-compliance with agency cybersecurity policies.
  • Address the mobile threat:  Implement a tiered security architecture for mobile assets such as two-factor authentication, VPN sessions, data-at-rest encryption, remote Web filtering and end-point security software to ensure mobile devices are compliant and within policy.
  •  Implement industry-standard technologies:  To reduce malware threats and enforce acceptable use policies, assess the agency enterprise and implement basic cybersecurity tools across the agency enterprise.
  • Participate in the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections.  Participants confirm improved security.

“During the last several years, Federal agencies have proven they can do more with less in challenging budget environments,” Lausch said.  “Unfortunately, they are simply outpaced by organized crime, increasingly sophisticated hackers and state-sponsored professionals.  It is time for computer users to step up and take an active role in cybersecurity efforts.  Much like Americans have made recycling an everyday task, it is time for users to form a new habit -- making smart, network-protecting activity a part of their daily routines.”

CDW-G’s online survey, taken during September, collected responses from 150 Federal civilian and 150 defense IT professionals familiar with their agency’s cybersecurity measures and challenges.  The margin of error for the total sample is ±5.7 percent at a 95 percent confidence level. 

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.