The Mars-and-Mercury problem of cybersecurity

Half of all agency cybersecurity breaches are caused by feds who fail to comply with security measures in place at their agencies, according to a MeriTalk study released Oct. 15. (Download the report).

The study, which polled 100 government cyber professionals and 100 federal employees, suggests a rift between IT cybersecurity professionals who value security above all else and their systems' end users – the feds who just want to do their jobs.

Titled "The Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury," the study finds 31 percent of federal employee end-users use some form of security work-around at least weekly, and nearly 20 percent of feds have failed to complete a work assignment because of existing security measures. Feds reported being most frustrated by simple tasks like surfing the web and downloading files, the same two tasks that cybersecurity professionals said most frequently produced security breaches through external attacks like phishing and malware.

The protocols cyber pros find necessary to keep data secure are burdensome, time-consuming and sometimes obstructive to their end users.

"More security rules, more security tasks, and more security delays have done little to drive more user buy-in for cybersecurity," said Tom Ruff, Akamai's vice president for public sector. Akamai underwrote the study.

Despite obvious disagreements on implementation, 95 percent of end users and cyber professionals agreed the deployment of cybersecurity measures is an "absolute necessity" to protect against data loss, data theft and denial-of-service (DOS) attacks.

According to end users surveyed, possible strategies to bridge the gap between themselves and security professionals include a single sign-on (56 percent), user-friendly interface (27 percent) and streamlined access to mobile applications (13 percent). However, cyber professionals rated "ensuring a user-friendly experience" dead last as a priority, indicating they favor the nuts and bolts of a tool over its looks and ease of use.

"Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries," Ruff said. "It is a team game, and better support for users will deliver better results for security."

The news is particularly alarming because the number of cybersecurity threats to federal agencies continues to increase, as does the amount of damage attackers can do. Half the cyber professionals polled say their agency is likely to be a DOS attack victim in the next year – and fewer than 75 percent of agencies feel "completely prepared" for a variety of potential cyberattacks.

About the Author

Frank Konkel is a former staff writer for FCW.
