From: BankInfoSecurity.com
Users Bypass Security Measures, Say They’re Burdensome
By Eric Chabrow
IT security experts I interviewed on federal preparedness – or lack thereof – for securely restoring IT systems when the partial government shutdown ends say that security was lacking before the shutdown (see IT Seen As Vulnerable When Shutdown Ends).
For example, Bruce Brody, the onetime chief information security officer at the Energy and Veterans Affairs departments, put it this way: “Let’s not presuppose that these systems were entirely shipshape before the shutdown.”
A new survey of 100 federal IT and IT security managers and specialists shows they generally concur with that assessment.
More than two-thirds of them say their agencies are ill-prepared to defend against advanced malware, distributed-denial-of-service attacks, hackers, international cyber-attacks and employees leaking secure information. And most say the agencies aren’t ready to deploy secure cloud computing environments and provide safe access to mobile devices. That’s not all. More than half say their agencies can’t properly prevent data loss and data theft.
The study – Cybersecurity Experience: Security Pros from Mars; Users from Mercury – is based on an August online survey that also queried 100 federal government IT end-users. The survey, commissioned by MeriTalk, a public-private partnership aimed at improving government IT, was underwritten by the Internet content delivery network Akamai Technologies.
The Enemy Is Us
Among the more astounding results: Half of those charged with safeguarding their agencies’ IT systems say they witness a violation of their agency’s security policies at least once a week. Why so? Lack of user compliance. As Walt Kelly’s comic-strip protagonist Pogo once uttered, “We have met the enemy and he is us.”
Government IT users cite the burdensome, time-consuming and obstructive nature – in their view – of IT security measures as hampering their ability to get their jobs done. Nearly 70 percent of users say at least some portion of their work takes them longer than it should because of security measures. That’s why one in three users surveyed say they employ some type of security workaround at least once a week.
That presents cybersecurity specialists with the problem of toughening security while making it user friendly.
“More security rules, more security tasks and more security delays have done little to drive more user buy-in for cybersecurity,” says Tom Ruff, a vice president at Akamai. “Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game, and better support for users will deliver better results for security.”
Frustrations Lead to Increased Risk
Leave a Reply