The Mars-and-Mercury problem of cybersecurity
- By Frank Konkel
- Oct 15, 2013
Half of all agency cybersecurity breaches are caused by feds who fail to comply with security measures in place at their agencies, according to a MeriTalk study released Oct. 15.
The study, which polled 100 government cyber professionals and 100 federal employees, suggests a rift between IT cybersecurity professionals who value security above all else and their systems' end users – the feds who just want to do their jobs.
Titled "The Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury," the study finds 31 percent of federal employee end-users use some form of security work-around at least weekly, and nearly 20 percent of feds have failed to complete a work assignment because of existing security measures. Feds reported being most frustrated by simple tasks like surfing the web and downloading files, the same two tasks that cybersecurity professionals said most frequently produced security breaches through external attacks like phishing and malware.
The protocols cyber pros find necessary to keep data secure are burdensome, time-consuming and sometimes obstructive to their end users.
"More security rules, more security tasks, and more security delays have done little to drive more user buy-in for cybersecurity," said Tom Ruff, Akamai's vice president for public sector. Akamai underwrote the study.
Despite obvious disagreements on implementation, 95 percent of end users and cyber professionals agreed the deployment of cybersecurity measures is an "absolute necessity" to protect against data loss, data theft and denial-of-service (DOS) attacks.
According to end users surveyed, possible strategies to bridge the gap between themselves and security professionals include single sign-on (56 percent), a user-friendly interface (27 percent) and streamlined access to mobile applications (13 percent). However, cyber professionals rated "ensuring a user-friendly experience" dead last as a priority, indicating they favor the nuts and bolts of a tool over its looks and ease of use.
"Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries," Ruff said. "It is a team game, and better support for users will deliver better results for security."
The news is particularly alarming because the number of cybersecurity threats to federal agencies continues to increase, as does the amount of damage attackers can do. Half the cyber professionals polled say their agency is likely to be a DOS attack victim in the next year, and fewer than 75 percent of agencies feel "completely prepared" for a variety of potential cyberattacks.
Frank Konkel is a staff writer covering big data, mobile, open government and a range of science/technology issues. Connect with him on Twitter at @Frank_Konkel.