US public servants lack confidence in govt security

By Dylan Bushell-Embling
Friday, 22 April, 2016

Confidence among US federal employees in their agency's cybersecurity capabilities has shrunk significantly in just two years, a new report shows.

The Government Business Council's 2016 progress report into achieving holistic cybersecurity, conducted in conjunction with Dell, shows that fewer than one in three federal leaders feel confident in their agency's ability to keep up with evolving cyber threats.

In addition, just 35% of respondents are confident or very confident in their agency's ability to protect information systems, and fewer than one in three feel they are well positioned to protect employees' personal information.

This is a stark turnaround from 2014, when a substantial majority of respondents felt that their agency's defensive measures were capable of combating cyber threats.

Agency leaders consider email embedded with malware and phishing to be the top cyber threats, and identify cybersecurity personnel and workforce education as cyber defence elements in need of significant improvement. This suggests that security education needs to be improved in an agency-wide manner.

The report also shows that agency leaders have yet to make significant progress adopting IoT cybersecurity capabilities. Only 20% of respondents said their departments are leveraging IoT or moving quickly to do so, and only 19% believe that their agency considers adapting its cybersecurity strategy to accommodate the IoT to be a priority.

Defence agencies are taking advantage of the technology to a greater extent than other agencies, with 29% using or quickly moving to use IoT devices.

Some 38% of federal employees report that their organisation is targeted by cyber intrusions multiple times per year, with 18% reporting that their agency is attacked multiple times per day.

But the majority of respondents (60%) do not know how often their agencies are targeted, up from just 20% in 2014.

Hacktivists are considered to be the greatest cyber threat sources, followed by nation states and criminal organisations.

Respondents considered budget constraints, a slow technology acquisition process and bureaucratic inertia to be the biggest obstacles to developing a holistic approach to cybersecurity.

A shortage of technical expertise and awareness and a lack of interoperability among security systems are also significant impediments.

The report recommends that agencies seeking to achieve a holistic approach to cybersecurity focus on addressing these systemic obstacles, as well as on mitigating both human and technical risks.

Image courtesy of Tom Lohdan under CC