Is cybersecurity underfunded? Many feds think so
Connecting state and local government leaders
A poll of FOSE attendees revealed the top security threats they see in their organizations -- some from surprising sources.
Ninety-four percent of government and related information technology professionals believe federal agencies and networks get attacked every day, but 47 percent believe their organization does not have the funding it needs to meet its security requirements, according to a poll of FOSE attendees at CDW-G’s presentation of its November 2009 Federal Cybersecurity Report. A further 27 percent were unsure whether they had the funding needed to support their cybersecurity efforts.
CDW-G polled the attendees directly on Wednesday. The survey respondents came from federal civilian agencies (16 percent), Defense Department( 42 percent) and state and local government (4 percent). Another 26 percent came from industry, and the remaining 12 percent were classed as "other" in Wednesday’s FOSE session. In all, 50 people were polled.
The top security issues:
- Inappropriate employee activity andnetwork use (29 percent).
- Malware (21 percent).
- Lost passwords (18 percent).
- Educating end-users 13 percent.
The gateway through which attacks are coming through has shifted from email to the Web, said Bob Hansmann, senior product marketing manager of Blue Coat, an application delivery network provider. These threats often come from social networking sites, he said.
“Malware stays an average of two hours on a site, so your solution can’t be static,” Hansmann said.
Agencies also need to have just as many safeguards in place for mobile workers as those on the network, said Stan Oien, network and security specialist for CDW-G. However, security measures can’t be so draconian that employees can’t get their work done, Hansmann added.
The poll also asked respondents what they most need to improve their security. The top responses:
- More employees dedicated to cybersecurity (40 percent).
- Better and more widely enforced acceptable usage rules (35 percent).
- Better technology tools (19 percent).
Findings from FOSE attendees were similar to CDW-G’s report, issued late in 2009, which surveyed 150 federal civilian and 150 DOD IT professionals. In that study, more than half of all federal agencies (54 percent) reported experiencing a cybersecurity incident at least weekly. The majority of respondents (80 percent) said the number of cybersecurity incidents had either stayed the same (36 percent) or increased (44 percent), with the severity of threats either remaining the same (54 percent) or increasing (31 percent).
The top three daily cybersecurity issues from the report: malware (33 percent), inappropriate employee activity/network use (25 percent) and remote user access (25 percent). End user education and forgotten/lost passwords were other obstacles, a top security issue for 44 percent of respondents (22 percent each). Data encryption was another top issue for 23 percent of respondents.
Remote/mobile computing and malware challenges are increasing, said report respondents. Sixty percent listed remote/mobile computing as an increasing security challenge, 49 percent said viruses, worms and spyware and 40 percent listed bots, key loggers and data minors as increasing challenges.
“These threats are ever-evolving. Security needs to be a forethought instead of an afterthought,” Oien said.
CDW-G’s Federal Cybersecurity Report is available at www.cdwg.com/fedcybersecurity.