A recent study that seeks to compare and contrast attitudes towards cybersecurity measures at federal agencies between those who implement security and the end-user experience reveals a fairly low level of confidence in our ability to protect critical networks, and a low level of compliance with security policies.
The good news is that 95% of end-users and security pros agree that the deployment of cybersecurity measures is absolutely necessity to protect agencies from attacks and the loss of sensitive data. The bad news is that for some reason, 5% of the respondents did not agree, which is puzzling.
Overall, end-users complained mostly about security measures inhibiting their ability to perform their jobs well, too many access control restrictions, and need to work around security protocols, while security pros raised concerns over incident preparedness, access control, and the failure of employees to comply with policies and procedures.
Key findings for security pros included:
- 49% of agency security breaches are caused by a lack of user compliance.
- 74% of cybersecurity professionals say their agency is not ready to support secure access from mobile devices.
- 67% of cybersecurity professionals say their agency is not ready to fend off hackers.
- 74% of cybersecurity professionals say preventing data theft is their top priority.
- 50% of cybersecurity experts say their agency is likely to be a target of a denial-of-service attack in the next 12 months.
Key findings from the end-users showed:
- 69% of users say at least some portion of their work takes them longer than it should due to security measures.
- 31% of end users say they use some kind of security work-around at least once a week.
- 54% of users struggle to keep track of their passwords.
The full report can be downloaded here in PDF (form required).