CDW-G Report: On the Front Lines of Federal Cybersecurity, IT Professionals Call for Reinforcements to Combat Persistent, Severe Threats.Pros Call for Training, IT Tools and Staff: Nearly One-Third Face Cybersecurity Incidents Daily HERNDON, Va. -- CDW CDW - data warehouse Government, Inc. (CDW-G CDW-G CDW - Government (formerly Computer Discount Warehouse - Government) ), a leading source of Information Technology (IT) solutions to governments and educators, today released its 2009 Federal Cybersecurity Report, which found that across Federal civilian and Department of Defense (DoD) agencies, the number and severity of cybersecurity incidents has stayed the same or increased in the last year, with nearly one-third of Federal agencies experiencing a cybersecurity incident daily. The report, based on a September survey of 300 Federal IT security professionals, identifies agency cybersecurity threats, steps Federal IT professionals are taking to combat them and opportunities for improvement. Defense and civilian IT security professionals say external sources are their agency/network's biggest threat overall, with defense agencies indicating state-sponsored cybersecurity-warfare programs as their most significant external cybersecurity issue. For civilian agencies, independent international hackers and software problems are the biggest external challenges. At the same time, internal threats such as inappropriate Web surfing Refers to jumping from page to page on the Web. Just as in "TV channel surfing," where one clicks the remote to go from channel to channel, the hyperlink on Web pages makes it easy to jump from one page to another. , lax user authentication See authentication. and loss of computing devices continue to leave agencies vulnerable to cybersecurity threats. Respondents cite malware (MALicious softWARE) Software designed to destroy, aggravate and otherwise make life unhappy. See crimeware, virus, worm, logic bomb, macro virus and Trojan. , inappropriate employee activity and remote-user access as the top cybersecurity challenges they face each day - and that remote computing challenges are increasing more than all others. "Fundamentally, cybersecurity is not just a technology issue - it is a management and cultural challenge for Federal agencies," said Andy Lausch, vice president of federal sales for CDW-G. "Federal IT security professionals are engaging in the cybersecurity war on multiple fronts, and they need the participation of the Federal employees, managers and senior staff that they support. First and foremost, Federal IT security professionals are calling for increased end-user education, both to reduce internal cybersecurity incidents and to close the door to external threats." Increasing Threats = Increasing Requirements In response to growing threats, the majority of Federal IT security professionals on the front lines say their requirements for network monitoring/intrusion prevention, encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. , user authentication, end-user education, patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique and network access control have increased or significantly increased during the last year - yet just half say they have adequate budget to meet their cybersecurity needs. Agencies may see budget relief during the next few years, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. an October forecast on information security spending by market research firm INPUT, which projects Federal spending on information security products and services will increase from $7.9 billion in 2009 to $11.7 billion in 2014 in direct response to heightened attacks, evolving threats and presidential and congressional focus on cybersecurity improvements. To address cybersecurity issues, agencies are taking a multifaceted mul·ti·fac·et·ed adj. Having many facets or aspects. See Synonyms at versatile. Adj. 1. multifaceted - having many aspects; "a many-sided subject"; "a multifaceted undertaking"; "multifarious interests"; "the multifarious approach, focusing on end-user training for internal challenges and cybersecurity tools for external threats. To address avoidable end-user mistakes and reduce vulnerabilities, 82 percent of agencies provide ongoing training classes on security policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental . To combat external threats, 81 percent have an Internet firewall A firewall that is used to shield users from the Internet. See firewall. and 71 percent have intrusion protection/detection. However, despite agency training commitments and technology implementations, many agencies still experience avoidable internal risks. More than 70 percent of agencies have experienced inappropriate Web surfing/downloads in the last 12 months, and more than 40 percent have seen the unauthorized transfer of sensitive information. As a result, Federal civilian and defense agencies agree that their No. 1 priority for improving agency cybersecurity is more end-user education. Increasing Requirements = Reinforcement on the Front Lines Based upon the findings of the 2009 Federal Cybersecurity Report, CDW-G recommends that Federal agencies: * Reassess reassess Verb to reconsider the value or importance of reassessment n Verb 1. reassess - revise or renew one's assessment reevaluate end-user training: Establish programs and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement. Establish consequences for non-compliance with agency cybersecurity policies * Address the mobile threat: Implement a tiered security architecture for mobile assets such as two-factor authentication The use of two independent mechanisms for authentication; for example, requiring a smart card and a password. The combination is less likely to allow abuse than either component alone. See authentication. , VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. sessions, data-at-rest encryption, remote Web filtering Blocking access to unwanted Internet content. Businesses can block content based on traffic type. For example, Web access might be allowed, but file transfers may not. Content can also be blocked by site, using lists of URLs cataloged by content that are updated frequently. and end-point security software to ensure mobile devices are compliant and within policy * Implement industry-standard technologies: To reduce malware threats and enforce acceptable use policies, assess the agency enterprise and implement basic cybersecurity tools across the agency enterprise * Participate in the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections. Participants confirm improved security "During the last several years, Federal agencies have proven they can do more with less in challenging budget environments," Lausch said. "Unfortunately, they are simply outpaced by organized crime, increasingly sophisticated hackers and state-sponsored professionals. It is time for computer users to step up and take an active role in cybersecurity efforts. Much like Americans have made recycling an everyday task, it is time for users to form a new habit - making smart, network-protecting activity a part of their daily routines." CDW-G's online survey, taken during September 2009, collected responses from 150 Federal civilian and 150 defense IT professionals familiar with their agency's cybersecurity measures and challenges. The margin of error for the total sample is O5.7 percent at a 95 percent confidence level. For a copy of the complete CDW-G Federal Cybersecurity Report and other cybersecurity resources, please visit http://www.cdwg.com/fedcybersecurity. About CDW-G A wholly owned subsidiary Wholly Owned Subsidiary A subsidiary whose parent company owns 100% of its common stock. Notes: In other words, the parent company owns the company outright and there are no minority owners. of CDW Corporation, ranked No. 34 on Forbes' list of America's Largest Private Companies, CDW Government, Inc. (CDW-G) is a leading provider of technology solutions for federal, state and local government agencies, as well as educational institutions at all levels. The company features dedicated account managers who help customers choose the right technology products and services to meet their needs. The company's technology specialists and engineers offer expertise in designing customized solutions, while its advanced technology engineers can assist customers with the implementation and long-term management of those solutions. Areas of focus include notebooks, desktops, printers, servers and storage, unified communications The real time redirection of a voice, text or e-mail message to the device closest to the intended recipient at any given time. For example, voice calls to desk phones could be routed to the user's cellphone when required. , security, wireless, power and cooling, networking, software licensing and mobility solutions. For more information about CDW-G product offerings, procurement options, service and solutions, call 1.800.808.4239, email cdwgsales@cdwg.com or visit the CDW-G Web site at CDWG.com. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion