Report: Nearly One-Third Of Federal Agencies Experience Daily Cybersecurity Incident -- Security Today

Report: Nearly One-Third Of Federal Agencies Experience Daily Cybersecurity Incident

Nov 13, 2009

CDW Government Inc. recently released its 2009 Federal Cybersecurity Report, which found that across federal civilian and Department of Defense agencies, the number and severity of cybersecurity incidents has stayed the same or increased in the last year, with nearly one-third of Federal agencies experiencing a cybersecurity incident daily.

The report, based on a September survey of 300 federal IT security professionals, identifies agency cybersecurity threats, steps federal IT professionals are taking to combat them and opportunities for improvement.

Defense and civilian IT security professionals say external sources are their agency/network’s biggest threat overall, with defense agencies indicating state-sponsored cybersecurity-warfare programs as their most significant external cybersecurity issue. For civilian agencies, independent international hackers and software problems are the biggest external challenges.

At the same time, internal threats such as inappropriate Web surfing, lax user authentication and loss of computing devices continue to leave agencies vulnerable to cybersecurity threats. Respondents cite malware, inappropriate employee activity and remote-user access as the top cybersecurity challenges they face each day -- and that remote computing challenges are increasing more than all others.

“Fundamentally, cybersecurity is not just a technology issue -- it is a management and cultural challenge for federal agencies,” said Andy Lausch, vice president of federal sales for CDW-G. “Federal IT security professionals are engaging in the cybersecurity war on multiple fronts, and they need the participation of the Federal employees, managers and senior staff that they support. First and foremost, federal IT security professionals are calling for increased end-user education, both to reduce internal cybersecurity incidents and to close the door to external threats.”

In response to growing threats, the majority of Federal IT security professionals on the front lines say their requirements for network monitoring/intrusion prevention, encryption, user authentication, end-user education, patch management and network access control have increased or significantly increased during the last year -- yet just half say they have adequate budget to meet their cybersecurity needs.

Agencies may see budget relief during the next few years, according to an October forecast on information security spending by market research firm INPUT, which projects Federal spending on information security products and services will increase from $7.9 billion in 2009 to $11.7 billion in 2014 in direct response to heightened attacks, evolving threats and presidential and congressional focus on cybersecurity improvements.

To address cybersecurity issues, agencies are taking a multifaceted approach, focusing on end-user training for internal challenges and cybersecurity tools for external threats. To address avoidable end-user mistakes and reduce vulnerabilities, 82 percent of agencies provide ongoing training classes on security policies and procedures. To combat external threats, 81 percent have an Internet firewall and 71 percent have intrusion protection/detection.

However, despite agency training commitments and technology implementations, many agencies still experience avoidable internal risks. More than 70 percent of agencies have experienced inappropriate Web surfing/downloads in the last 12 months, and more than 40 percent have seen the unauthorized transfer of sensitive information. As a result, Federal civilian and defense agencies agree that their No. 1 priority for improving agency cybersecurity is more end-user education.

Based upon the findings of the 2009 Federal Cybersecurity Report, CDW-G recommends that federal agencies:

Reassess end-user training: Establish programs and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement. Establish consequences for non-compliance with agency cybersecurity policies.
Address the mobile threat: Implement a tiered security architecture for mobile assets such as two-factor authentication, VPN sessions, data-at-rest encryption, remote Web filtering and end-point security software to ensure mobile devices are compliant and within policy.
Implement industry-standard technologies: To reduce malware threats and enforce acceptable use policies, assess the agency enterprise and implement basic cybersecurity tools across the agency enterprise.
Participate in the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections. Participants confirm improved security.

“During the last several years, Federal agencies have proven they can do more with less in challenging budget environments,” Lausch said. “Unfortunately, they are simply outpaced by organized crime, increasingly sophisticated hackers and state-sponsored professionals. It is time for computer users to step up and take an active role in cybersecurity efforts. Much like Americans have made recycling an everyday task, it is time for users to form a new habit -- making smart, network-protecting activity a part of their daily routines.”

CDW-G’s online survey, taken during September, collected responses from 150 Federal civilian and 150 defense IT professionals familiar with their agency’s cybersecurity measures and challenges. The margin of error for the total sample is ±5.7 percent at a 95 percent confidence level.

DSI Security Officers Prevented Mass Shooting, Shielded Fellow Officer Amid Gunfire
05/09/2025
Genetec, SaferWatch Bring Real-Time Vehicle Intelligence to Public Safety Agencies
05/08/2025
ZBeta Strengthens Its Advisory Bench with New Appointment
05/05/2025
Security Trends Reshaping Enterprise Resilience Into 2027
05/05/2025
Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025

Featured

TSA Begins REAL ID Full Enforcement Today

Today, the Transportation Security Administration (TSA) announced the imminent implementation of its REAL ID enforcement measures at TSA checkpoints nationwide. Read Now
Body-Worn Cameras on the Rise

On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now
- Government
Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now
- Government
Fast-Forward from 1,000 B.C.E. to Today

The lock and key have been around since time immemorial. In fact, the locksmith profession is one of the oldest in the world when you consider the earliest wooden tumbler lock debuted three-plus millennia ago. Read Now
- Access Control
Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.
4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.