Employee violations of security policies continue to introduce risks that hackers exploit, survey results show.
More than half of federal information technology professionals fight cybersecurity battles at least weekly, survey results released on Tuesday indicate.
Thirty-one percent of defense and civilian technology officials experience incidents daily, according to the September survey conducted by marketing firm O'Keefe and Co. on behalf of IT solutions provider CDW-G. Breaches included external attacks, viruses, lost handheld devices and employee violations of cybersecurity policy.
Another 23 percent of the 300 respondents said they faced cybersecurity incidents weekly. Furthermore, 80 percent of respondents said the problems were similar or growing in number compared to the previous year, and 85 percent said the severity was the same or increasing.
About one-third of IT professionals said the top daily issue was malware, including viruses, worms, spyware, adware and Trojan horses. About one-quarter of respondents pointed to inappropriate employee activity or network use as their biggest challenge, and another quarter cited managing network access for remote users.
Sixty percent of respondents said threats related to remote or mobile computing had increased compared to one year ago. Yet 70 percent reported their agencies did not take steps to prevent data loss, and 66 percent acknowledged their agencies did not use wireless encryption, despite federal requirements to do so.
"A lot of people don't know the policies in place, due to a lack of training," said Josh Radlein, federal networking and security specialist for CDW-G. "Everyone should walk into an IT group with a general understanding of policies, but that doesn't always happen."
Federal employees continue to introduce security vulnerabilities through careless online practices and failure to adhere to agency policy, according to the survey. Across defense and civilian agencies, 66 percent of survey respondents said employees have engaged in inappropriate Web surfing and downloads in the past year, and 44 percent caught employees posting passwords in a public place, such as on an office sticky note.
"Policies are great, but if you don't train people on what those policies are and why they're there, they do absolutely nothing to make for a cleaner work environment," Radlein said. "Training is something that has to be done consistently. Threats evolve, and so should your training."