From: E-Commerce Times
“More security rules, more security tasks, and more security delays have done little to drive more user buy-in for cybersecurity,” said Tom Ruff, vice president for the public sector at Akamai. “Without question, federal cybersecurity pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game.”
Fending off cybersecurity breaches from external sources is a difficult task — but when breach problems arise from within an organization, the challenge of protecting information becomes even more difficult.
While U.S. government agencies have intensified their use of cybersecurity control technologies, it appears that improved technology will fall short of meeting the security challenge unless the implementation is user-friendly.
In a recent survey of federal cybersecurity professionals, respondents reported that half of all agency security breaches were caused by a lack of user compliance — that is, employees ignored or took shortcuts around available cybersecurity controls and tools.
If the use of cybersecurity control measures are too cumbersome to use — or if the controls interfere with an employee’s ability to perform at a satisfactory level — there is a good chance that the controls will be bypassed, the survey indicated.
End Users Take End Runs
The study, which was conducted by MeriTalk, compared what cybersecurity professionals report about their agency’s security with what end users — federal workers — actually experience. Federal agencies often fail to take the user experience into account when deploying cybersecurity solutions, it found.
“As a direct result, end users often circumvent security measures and open their agencies up to data theft, data loss, and denial-of-service attacks,” MeriTalk says in summarizing its findings.
Federal cybersecurity specialists are intensely worried about threats to their IT systems, according to the survey, which was underwritten by Akamai Technologies. For example, 74 percent of the respondents to the survey said they were not prepared for an international cyberattack. More than 70 percent of survey respondents said they were unprepared for such challenges as coping with a denial-of-service attack, providing adequate cloud security, or protecting mobile device utilization.
Asked to rank various challenges on a scale from lowest to highest, 74 percent of respondents said their top priority was preventing data theft, followed by ensuring a thorough Web security strategy (56 percent). Providing a user-friendly experience across all security applications came in last on cybersecurity professionals’ list of priorities with only 40 percent reporting it as a top concern.
Nearly two-thirds of end users believed the security protocols at their agency were burdensome and time-consuming, while 69 percent said at least some portion of their work took longer than it should have due to security measures.
Leave a Reply