
The Mars-and-Mercury problem of cybersecurity


Half of all agency cybersecurity breaches are caused by feds who fail to comply with security measures in place at their agencies, according to a MeriTalk study released Oct. 15.

The study, which polled 100 government cyber professionals and 100 federal employees, suggests a rift between IT cybersecurity professionals who value security above all else and their systems' end users – the feds who just want to do their jobs.

Titled "The Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury," the study finds 31 percent of federal employee end-users use some form of security work-around at least weekly, and nearly 20 percent of feds have failed to complete a work assignment because of existing security measures. Feds reported being most frustrated by simple tasks like surfing the web and downloading files, the same two tasks that cybersecurity professionals said most frequently produced security breaches through external attacks like phishing and malware.

The protocols cyber pros find necessary to keep data secure are burdensome, time-consuming and sometimes obstructive to their end users.

"More security rules, more security tasks, and more security delays have done little to drive more user buy-in for cybersecurity," said Tom Ruff, Akamai's vice president for public sector. Akamai underwrote the study.

Despite obvious disagreements on implementation, 95 percent of end users and cyber professionals agreed the deployment of cybersecurity measures is an "absolute necessity" to protect against data loss, data theft and denial-of-service (DOS) attacks.

According to end users surveyed, possible strategies to bridge the gap between themselves and security professionals include single sign-on (56 percent), a user-friendly interface (27 percent) and streamlined access to mobile applications (13 percent). However, cyber professionals rated "ensuring a user-friendly experience" dead last as a priority, indicating they favor the nuts and bolts of a tool over its looks and ease of use.

"Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries," Ruff said. "It is a team game, and better support for users will deliver better results for security."

The news is particularly alarming because the number of cybersecurity threats to federal agencies continues to increase, as does the amount of damage attackers can do. Half the cyber professionals polled say their agency is likely to be a DOS attack victim in the next year – and less than 75 percent of agencies feel "completely prepared" for a variety of potential cyberattacks.

About the Author

Frank Konkel is a former staff writer for FCW.
