According to a survey conducted by Dell with the Government Business Council (GBC), the confidence of Federal employees in their agency’s cybersecurity has dropped significantly over the past couple of years.
Dell and GBC polled a random sampling of Nextgov, Government Executive and Defense One subscribers; 464 senior level federal employees completed the survey of which 54% were GS/GM 13 or above, and all were familiar with cybersecurity representing over 30 federal agencies.
Since the last survey in 2014 conducted by Dell, the Office of Management and Budget was targeted and suffered a major breach so, a drop in confidence in respect of information security was to be expected. However, it is the size of the drop that has been surprising. In 2014, 65% of respondents said they were either confident or very confident in their department/agency’s ability to protect information systems from cyber hackers. In 2016, this figure has drastically reduced to just 35%.
When it comes to their own information, Federal employees are lacking just as much confidence; in 2014, 58% said they felt confident that their department/agency was able to protect personal information. Today, it has dropped to just 28%.
Rina Li, the report’s author, said in the executive summary: “While respondents remain largely confident in the security of networked physical devices and information systems, they still express greater uncertainty toward organisational capabilities than they did two years ago.”
The survey went on to ask respondents what they believed were the most significant threat sources and cyber threats. Email embedded with malware at 63%, phishing/spear phishing at 62% and viruses or worms at 50% were the three most commonly identified threats. Hacktivists were identified by respondents as the most severe threat source, followed by nation states and criminal organisations. Li noted in her report: “Interestingly, insiders ranked second to last despite being the source of top respondent-identified cyber threats.”
A lack of progress in leveraging the Internet of Things or implementing IoT security was also high on the agenda for federal employees, according to the survey, with just 9% and 11% respectively and notably lower than in 2014.
The most commonly identified obstacles to implementing improved security measures include budget constraints (58%), procurement delays (49%) and bureaucratic inertia (44%), suggesting that “organisational barriers present a greater challenge than technical issues with regard to agency cybersecurity enhancement,” wrote Rina Li.