CDW-G Federal Cybersecurity Report:
Danger on the Front Lines
The Obama administration's Cyberspace Policy Review brought cybersecurity to the forefront of the presidential priority list. While policy makers determine what national policies, agencies and people are a best fit for tackling the problem, the fight for tighter IT security continues at the operational levels of government.
To better understand cybersecurity threats and help identify the path to security, CDW-G conducted an online survey of 150 Federal civilian and 150 Department of Defense IT professionals on the front lines, who confront cybersecurity incidents day in and day out.
The 2009 CDW-G Federal Cybersecurity Report identifies cybersecurity threats agencies face each day, steps Federal IT professionals are taking to combat them and finds opportunities for improvement.
- 54% of Federal agencies experience a cybersecurity incident* at least weekly
* Incidents include external attack, virus, lost PDA, inappropriate employee activity, etc.
from external sources
|
What is your most significant external threat?Defense agencies:
State-sponsored cybersecurity-warfare programs
Civilian agencies:
Independent international hackers and software problems (tie)
Which of the following internal threats has your organization experienced in the last 12 months*?
- 66% Inappropriate Web surfing/downloads
- 50% Lost devices(laptops, PDAs, phones)
- 40% Lost/stolen/shared passwords
- 39% Unauthorized transfer of sensitive information
- 17% Lack of robust user authentication
- 10% Employee hackers
*Respondents were asked to select all that apply.
To address avoidable mistakes and bolster defenses, agencies recognize the need to involve end users in cybersecurity efforts
- Agencies are investing in end-user training:
- 82% say they provide ongoing training classes on security policies and procedures
- 79% say they train new employees on computer security policies and procedures
- 82%
say they have an Internet
firewall - and
- 71%
say they have intrusion
protection
- Reassess end-user training: Establish a program and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement. Establish consequences for non-compliance with agency cybersecurity policies
- Address the mobile threat: Implement a tiered security architecture on mobile assets such as two-factor authentication, VPN sessions, data-at-rest encryption, remote Web filtering and end-point security software to ensure the mobile device is compliant and within policy
- Implement industry-standard technologies: To reduce malware threats and enforce acceptable use policies, assess your agency enterprise and implement basic cybersecurity tools* across the agency enterprise
- Participate in the Trusted Internet Connections Program: Participants confirm improved security
*E.g., anti-spam/anti-spyware software, Web filtering software, network access control software
Security White Paper: Key Strategies for Safeguarding IT Resources from Interior and Exterior Threats
CDW-G Security Assessment: Measure Network Security, Understand Security Threats, Identify Vulnerabilities
CDW-G hired O'Keeffe & Company to execute an online survey in September 2009, collecting 300 responses from Federal IT professionals familiar with their agency's cybersecurity measures and challenges. The sample included:
Title
|
Branch
Margin of Error
|
