Half Of Federal Security Breaches Caused By Employees



This week, MeriTalk, a public-private partnership focused on improving the outcomes of government IT, announced the results of a new report. The study compares what cyber security professionals report about their agency's security with what end-users actually experience. The report concludes that agencies often fail to take the user experience into account when deploying cyber security solutions. And because of that, end users circumvent security measures and open their agency network up to data breaches and other attacks.

Most federal agencies constantly battle international cyber attacks, denial-of-service attacks, hackers, and data theft. However, only around 30% of Federal cyber security professionals feel completely prepared for these threats. As a result of the numerous cyber threats, cyber security professionals are focused on keeping data secure but fail to prioritize the user experience. As security measures become less user-friendly, they also become less effective.

Cyber security professionals estimate that almost half (49 percent) of all agency security breaches are caused by a lack of user compliance. The most challenging end user applications to secure are email, external websites, and using the internet at their agency work stations, the same tools that practically all users rely on to get their job done. The activities that cyber security professionals say are the most likely to cause a security breach are the same activities where end-users run into the most frustrating security measures. The top areas for cyber security professionals' concern and end-users' frustration are surfing the internet, downloading files, accessing networks, and transferring files.

End-users say cyber security measures hinder their productivity and as a result admit to breaking protocol. Sixty-six percent of users believe the security protocols at their agency are burdensome and time-consuming, and 31% of users say they use some kind of security work around at least once a week. Despite frustrations, end users and cyber security professionals agree that cyber security should be a top priority for Federal agencies.

Ninety-five percent of cyber security professionals and end users agree that the deployment of cyber security measures is an absolute necessity to protect agencies from cyber threats such as data loss, data theft, and denial-of-service attacks. Almost all (98 percent) say keeping agency networks and data secure is everyone's responsibility. A great way to start would be to give all employees effective security awareness training so that they better understand why these cyber security measures are necessary. To download the full study go to:
http://www.meritalk.com/cybersecurityexperience




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews