While cyber professionals work to minimize the cyber threats faced by federal agencies, one of the biggest security flaws may be the network users themselves, according to a report released Tuesday by public-private IT partnership MeriTalk.
The report found that 49 percent of security breaches at federal agencies are caused by employees bypassing security measures, primarily when surfing the Web, accessing emails and downloading files.
About two-thirds of federal network users believe security protocols at their agency are burdensome and time-consuming, according to the report. And 69 percent say their work takes longer than it should because of additional cybersecurity measures.
Tom Ruff, the vice president of the public sector at cybersecurity firm Akamai, which sponsored the report, said that while cyber professionals add more rules and layers of security, they need to work with users to streamline the experience and minimize employees disregarding or working around security blocks.
“Without question, federal cyber security pros have a tough job, but they must start working with end users as partners instead of adversaries,” Ruff said. “It is a team game, and better support for users will deliver better results for security.”
This makes cyber professionals feel less sure about their agencies resilience from cyber attacks. About 74 percent say they are unprepared for an international cyber attack, while 70 percent believe they are not prepared for more traditional denial-of-service attacks, according to the report.
The report also found that:
■ Nearly one in five users said they were unable to complete an assignment on time because of security measures.
■ About 31 percent of users said they work around security measures at least once a week.
■ About 95 percent of cybersecurity professionals agree that cybersecurity should be a top priority for federal agencies.