Are strong security protocols actually making the federal government less secure?
According to a new study by MeriTalk, federal cybersecurity professionals are so focused on implementing rigid policies to lock down data that they often ignore how those rules will impact end users within their agencies.
The result, perhaps predictably, is that many government workers resent the burden that security protocols impose, complaining that they are time-consuming and hinder productivity, while nearly a third say that they regularly use a workaround to circumvent the security roadblocks.
Respondents to the MeriTalk survey, which was underwritten by cloud provider Akamai, noted a direct correlation between onerous security policies and a lack of compliance. Small wonder then that security professionals said that nearly half — 49 percent — of federal security breaches can be attributed to end users not complying with the policies in place at their agencies.
"More security rules, more security tasks and more security delays have done little to drive more user buy-in for cybersecurity," Tom Ruff, vice president of Akamai's public sector division, said in a statement.
Security Is Important, but &.
It's not that government workers don't appreciate the importance of security. Ninety-five percent of respondents — cybersecurity workers and end users alike — agreed that maintaining strong security is critical to their agency's operations, and 98 percent said that security is everyone's responsibility.
So if the spirit of shared responsibility is there, the new report argues that cybersecurity professionals need to better attune themselves to the day-to-day challenges that agency workers face.
"Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game, and better support for users will deliver better results for security," Ruff said.
The increasing sophistication of cyber threats and the new IT initiatives agency CIOs are pursuing across the government add a sense of urgency to harmonizing security policies with end user behavior. For instance, 74 percent of the cybersecurity professionals polled said that they are unprepared for an international attack, and an equal number said they aren't equipped to adequately secure access to mobile devices.
Then 70 percent said that they aren't prepared to secure cloud environments, and 70 percent also said they aren't ready to fend off a denial-of-service attack. At the same time, half of cybersecurity workers polled said that they anticipate that their agency will be the victim of a DoS attack in the coming year.
The severity of those challenges, along with the general feeling of unpreparedness, has impelled cybersecurity professionals to implement more rigid policies to lock down agency data and restrict access.
Sign up for MIS Asia eNewsletters.