The goal for most companies is to eliminate as many attack surfaces as possible, and that often includes coming up with a security program the entire firm can practice every day.
That is one of the roles of cyber professionals on the federal side as they work to minimize the daily threats faced by agencies, however, one of the biggest security flaws they face may be the network users themselves, according to a new report.
Forty-nine percent of security breaches at federal agencies end up caused by employees bypassing security measures, primarily when surfing the Web, accessing emails and downloading files, according to the report by public-private IT partnership MeriTalk.
As it turns out around 66 percent of federal network users feel security protocols at their agency are burdensome and time-consuming, the report said. And 69 percent said their work takes longer than it should because of additional security measures.
While cyber professionals add more rules and layers of security, they need to work with users to streamline the experience and minimize employees disregarding or working around security blocks, said Tom Ruff, vice president of the public sector at cyber security firm Akamai, which sponsored the report.
“Without question, federal cyber security pros have a tough job, but they must start working with end users as partners instead of adversaries,” Ruff said. “It is a team game, and better support for users will deliver better results for security.”
This makes cyber professionals feel less sure about their agencies resilience from cyber attacks. About 74 percent said they remain unprepared for an international cyber attack, while 70 percent believe they are not even prepared for more traditional denial-of-service attacks, according to the report.
The report also found:
• Nearly one in five users said they were unable to complete an assignment on time because of security measures.
• About 31 percent of users said they work around security measures at least once a week.
• About 95 percent of cyber security professionals agree that security should be a top priority for federal agencies.