Feds' trust in agency cybersecurity erodes
- By Derek Major
- Apr 21, 2016
Federal employees have lost confidence in agency cybersecurity over the last two years.
According to a survey of 464 senior-level federal workers, only 8 percent said they were very confident in their agency’s ability to protect information systems from cyber intrusions, with 24 percent not confident at all. That indicates a drop from the 2014 results in which 18 percent of responders were very confident their agency could protect information and 8 percent not confident at all.
There has also been a corresponding drop in respondents’ confidence that their department can protect personal information in particular. In 2014, 16 percent of respondents were very confident; today only 6 percent of respondents are very confident, while 35 percent are not confident at all.
Additionally, 60 percent of the senior-level respondents said they did not know how often their agency was the target of a cyber intrusion. Tim Brown, the CTO of Dell Security, which partnered with the Government Business Council on the survey, said he believes that’s due to a lack of education.
“What that means is we’re not giving enough information,” Brown said at the 2016 Information Security and Compliance Forum, where the results were released. “We’re not training enough; we’re not educating people on where and how cyberthreats are occurring -- what the systems are looking like and how much protection we’re giving.”
When asked to rank the biggest cyberthreat sources by order of severity, respondents listed hacktivists first and nation-states second. Insiders ranked fifth, despite malware-embedded and phishing emails being the top respondent-identified threats.
“Our weakest link is still the people,” Brown said. “More and more cases show that people are willing to give up their passwords -- or can easily be fooled into giving up their passwords -- and they don’t realize the effect of doing that.”
Another area of concern is the Internet of Things, although agencies are just starting to adopt the new technology. IoT devices, however, are exploding onto the market and are being put into a variety of devices, even though IoT security issues are largely unknown, Brown said.
With some IoT devices broadcasting information and others that cannot be modified or secured, Brown said, IoT-enabled instrumentation of business is “going to create a security challenge.”
Read the full survey results here.
Derek Major is a former reporter for GCN.