CDW Government released its 2009 Federal Cybersecurity Report, which found that across Federal civilian and Department of Defense agencies, the number and severity of cybersecurity incidents have stayed the same or increased in the last year, with nearly one-third of Federal agencies experiencing a cybersecurity incident daily.
The report, based on a September survey of 300 Federal IT security professionals, identifies agency cybersecurity threats, steps Federal IT professionals are taking to combat them and opportunities for improvement.
Defense and civilian IT security professionals say external sources are their agency/network’s biggest threat overall, with defense agencies indicating state-sponsored cybersecurity-warfare programs as their most significant external cybersecurity issue.
For civilian agencies, independent international hackers and software problems are the biggest external challenges. At the same time, internal threats such as inappropriate Web surfing, lax user authentication and loss of computing devices continue to leave agencies vulnerable to cybersecurity threats. Respondents cite malware, inappropriate employee activity and remote-user access as the top cybersecurity challenges they face each day, and say that remote computing challenges are increasing more than all others.
In response to growing threats, the majority of Federal IT security professionals on the front lines say their requirements for network monitoring/intrusion prevention, encryption, user authentication, end-user education, patch management and network access control have increased or significantly increased during the last year – yet just half say they have adequate budget to meet their cybersecurity needs.
To address cybersecurity issues, agencies are taking a multifaceted approach, focusing on end-user training for internal challenges and cybersecurity tools for external threats. To address avoidable end-user mistakes and reduce vulnerabilities, 82 percent of agencies provide ongoing training classes on security policies and procedures. To combat external threats, 81 percent have an Internet firewall and 71 percent have intrusion protection/detection.
However, despite agency training commitments and technology implementations, many agencies still experience avoidable internal risks. More than 70 percent of agencies have experienced inappropriate Web surfing/downloads in the last 12 months, and more than 40 percent have seen the unauthorized transfer of sensitive information. As a result, Federal civilian and defense agencies agree that their No. 1 priority for improving agency cybersecurity is more end-user education.
Based upon the findings of the report, CDW-G recommends that Federal agencies:
- Reassess end-user training
- Address the mobile threat
- Implement industry-standard technologies
- Participate in the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections.