New Study: Half Of Federal Agency Security Breaches Caused By Lack Of User Compliance
Alexandria, Va., October 15, 2013 – MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today announced the results of its new report, “Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury.” The study, underwritten by Akamai Technologies, Inc. , compares what cyber security professionals report about their agency’s security with what end users – Federal workers – actually experience. According to the report, agencies often fail to take the user experience into account when deploying cyber security solutions. As a direct result, end users often circumvent security measures and open their agencies up to data theft, data loss, and denial-of-service attacks.
Federal agencies regularly battle very real cyber threats including international cyber attacks, denial-of-service attacks, hackers, and data theft. However, few Federal cyber security professionals feel completely prepared for these threats – 74% say they are not prepared for an international cyber attack, 74% say they are not prepared to support secure access for mobile devices, 70% are not prepared for a denial-of-service attack, and 70% are not prepared to secure cloud computing environments. Prepared or not, these cyber attacks show no signs of slowing – half of cyber security professionals say their agency is likely to be the victim of a denial-of-service attack in the next 12 months.
As a result of the numerous cyber threats, cyber security professionals are focused on keeping data secure but fail to prioritize the user experience. Seventy-four percent of cyber security professionals say their top priority is preventing data theft followed by ensuring a thorough web security strategy (56 percent), maintaining and upgrading security systems (55 percent), deploying the most up-to-date cyber security protocols (54 percent), and mitigating denial-of-service attacks (53 percent). Ensuring a user-friendly experience across all security applications comes in last on cyber security professionals’ list of priorities with only 40% reporting it as a top concern.
As security measures become less user friendly, they also become less effective. Cyber security professionals estimate that almost half (49 percent) of all agency security breaches are caused by a lack of user compliance. These breaches are frequent with half of cyber security professionals reporting they witness a breach in their agency’s security policies at least once a week. According to cyber security professionals, the most challenging end user applications to secure are email, external websites, and the internet from agency work stations. These are the same tools that more than 80% of end users rely on daily.
Not only do end users experience challenges with the applications they use daily, many of the activities they must perform as part of their daily work also cause frustration. The activities that cyber security professionals say are the most likely to cause a security breach are the same activities where end users run into the most frustrating security measures. The top areas for cyber security professionals’ concern and end users’ frustration are surfing the internet, downloading files, accessing networks, and transferring files.
“More security rules, more security tasks, and more security delays have done little to drive more user buy-in for cyber security,” said Tom Ruff, vice president public sector, Akamai. “Without question, Federal cyber security pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game, and better support for users will deliver better results for security.”
End users say cyber security measures hinder their productivity and as a result admit to breaking protocol. Sixty-six percent of end users believe the security protocols at their agency are burdensome and time-consuming. Sixty-nine percent say at least some portion of their work takes longer than it should due to security measures. Nearly one in five end users can recall an instance where they were unable to complete a work assignment on time because of a security measure. As a result, 31% of end users say they use some kind of security work around at least once a week.
Despite frustrations, end users and cyber security professionals agree that cyber security should be a top priority for Federal agencies. Ninety-five percent of cyber security professionals and end users agree that the deployment of cyber security measures is an absolute necessity to protect agencies from cyber threats such as data loss, data theft, and denial-of-service attacks. Almost all (98 percent) say keeping agency networks and data secure is everyone’s responsibility.
“Cyber Security Experience: Cyber Security Pros from Mars; Users from Mercury” is based on an online survey of 100 cyber professionals and 100 end users in August 2013. The report has a margin of error of +/- 9.78 percent at a 95% confidence level. To download the full study, please visit http://www.meritalk.com/cybersecurityexperience.
The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Focusing on government’s hot-button issues, MeriTalk hosts Big Data Exchange, Cloud Computing Exchange, Cyber Security Exchange, and Data Center Exchange – platforms dedicated to supporting public-private dialogue and collaboration. MeriTalk connects with an audience of 85,000 government community contacts. For more information, visit www.meritalk.com or follow us on Twitter, @meritalk. MeriTalk is a 300Brand organization.