News | November 12, 2009

CDW-G Report: On The Front Lines Of Federal Cybersecurity, IT Professionals Call For Reinforcements To Combat Persistent, Severe Threats

CDW Government, Inc. (CDW-G), a leading source of Information Technology (IT) solutions to governments and educators, recently released its 2009 Federal Cybersecurity Report, which found that across Federal civilian and Department of Defense (DoD) agencies, the number and severity of cybersecurity incidents has stayed the same or increased in the last year, with nearly one-third of Federal agencies experiencing a cybersecurity incident daily. The report, based on a September survey of 300 Federal IT security professionals, identifies agency cybersecurity threats, steps Federal IT professionals are taking to combat them and opportunities for improvement.

Defense and civilian IT security professionals say external sources are their agency/network's biggest threat overall, with defense agencies indicating state-sponsored cybersecurity-warfare programs as their most significant external cybersecurity issue. For civilian agencies, independent international hackers and software problems are the biggest external challenges. At the same time, internal threats such as inappropriate Web surfing, lax user authentication and loss of computing devices continue to leave agencies vulnerable to cybersecurity threats. Respondents cite malware, inappropriate employee activity and remote-user access as the top cybersecurity challenges they face each day – and that remote computing challenges are increasing more than all others.

"Fundamentally, cybersecurity is not just a technology issue – it is a management and cultural challenge for Federal agencies," said Andy Lausch, vice president of federal sales for CDW-G. "Federal IT security professionals are engaging in the cybersecurity war on multiple fronts, and they need the participation of the Federal employees, managers and senior staff that they support. First and foremost, Federal IT security professionals are calling for increased end-user education, both to reduce internal cybersecurity incidents and to close the door to external threats."

Increasing Threats = Increasing Requirements
In response to growing threats, the majority of Federal IT security professionals on the front lines say their requirements for network monitoring/intrusion prevention, encryption, user authentication, end-user education, patch management and network access control have increased or significantly increased during the last year – yet just half say they have adequate budget to meet their cybersecurity needs.

Agencies may see budget relief during the next few years, according to an October forecast on information security spending by market research firm INPUT, which projects Federal spending on information security products and services will increase from $7.9B in 2009 to $11.7B in 2014 in direct response to heightened attacks, evolving threats and presidential and congressional focus on cybersecurity improvements.

To address cybersecurity issues, agencies are taking a multifaceted approach, focusing on end-user training for internal challenges and cybersecurity tools for external threats. To address avoidable end-user mistakes and reduce vulnerabilities, 82 percent of agencies provide ongoing training classes on security policies and procedures. To combat external threats, 81 percent have an Internet firewall and 71 percent have intrusion protection/detection.

However, despite agency training commitments and technology implementations, many agencies still experience avoidable internal risks. More than 70 percent of agencies have experienced inappropriate Web surfing/downloads in the last 12 months, and more than 40 percent have seen the unauthorized transfer of sensitive information. As a result, Federal civilian and defense agencies agree that their No. 1 priority for improving agency cybersecurity is more end-user education.

Increasing Requirements = Reinforcement on the Front Lines
Based upon the findings of the 2009 Federal Cybersecurity Report, CDW-G recommends that Federal agencies:

  • Reassess end-user training: Establish programs and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement. Establish consequences for non-compliance with agency cybersecurity policies
  • Address the mobile threat: Implement a tiered security architecture for mobile assets such as two-factor authentication, VPN sessions, data-at-rest encryption, remote Web filtering and end-point security software to ensure mobile devices are compliant and within policy
  • Implement industry-standard technologies: To reduce malware threats and enforce acceptable use policies, assess the agency enterprise and implement basic cybersecurity tools across the agency enterprise
  • Participate in the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections. Participants confirm improved security

"During the last several years, Federal agencies have proven they can do more with less in challenging budget environments," Lausch said. "Unfortunately, they are simply outpaced by organized crime, increasingly sophisticated hackers and state-sponsored professionals. It is time for computer users to step up and take an active role in cybersecurity efforts. Much like Americans have made recycling an everyday task, it is time for users to form a new habit – making smart, network-protecting activity a part of their daily routines."

CDW-G's online survey, taken during September 2009, collected responses from 150 Federal civilian and 150 defense IT professionals familiar with their agency's cybersecurity measures and challenges. The margin of error for the total sample is ±5.7 percent at a 95 percent confidence level.

For more information visit http://www.cdwg.com/fedcybersecurity.

About CDW-G
A wholly owned subsidiary of CDW Corporation, ranked No. 34 on Forbes' list of America's Largest Private Companies, CDW Government, Inc. (CDW-G) is a leading provider of technology solutions for federal, state and local government agencies, as well as educational institutions at all levels. The company features dedicated account managers who help customers choose the right technology products and services to meet their needs. The company's technology specialists and engineers offer expertise in designing customized solutions, while its advanced technology engineers can assist customers with the implementation and long-term management of those solutions. Areas of focus include notebooks, desktops, printers, servers and storage, unified communications, security, wireless, power and cooling, networking, software licensing and mobility solutions.

For more information visit CDWG.com.

SOURCE: CDW Government, Inc.