Federal agencies often fail to take the user experience into account when deploying cyber-security solutions, and as a direct result, users often circumvent security measures and open up their agencies to data theft, data loss and denial-of-service attacks, according to a report from Meritalk, a public-private partnership focused on IT.
The study, underwritten by Akamai Technologies, compared what cyber-security professionals report about their agency’s security with what users, in this case, federal workers, actually experience.
Users said cyber-security measures hinder their productivity, and as a result admit to breaking protocol. A full two-thirds (66 percent) of users believe the security protocols at their agencies are burdensome and time-consuming, and 69 percent say at least some portion of their work takes longer than it should due to security measures.
Cyber-security professionals estimated that almost half (49 percent) of all agency security breaches are caused by a lack of user compliance. These breaches are frequent with half of cyber-security professionals reporting they witness a breach in their agency’s security policies at least once a week.
The survey also revealed nearly one in five users can recall an instance where they were unable to complete a work assignment on time because of a security measure. As a result, 31 percent of users say they use some type of security workaround at least once a week.
“More security rules, more security tasks and more security delays have done little to drive more user buy-in for cyber-security,” Tom Ruff, vice president public sector for Akamai, said in a statement. “Without question, federal cyber-security pros have a tough job, but they must start working with end users as partners instead of adversaries. It is a team game, and better support for users will deliver better results for security.”
According to cyber-security professionals, the most challenging user applications to secure are email, external Websites and the Internet from agency work stations. These are the same tools that more than 80 percent of users rely on daily.
Despite frustrations, users and cyber-security professionals agree that cyber-security should be a top priority for federal agencies. Nearly all (95 percent of cyber-security professionals and users agree that the deployment of cyber-security measures is an absolute necessity to protect agencies from cyber-threats such as data loss, data theft and denial-of-service attacks. The vast majority (98 percent) said keeping agency networks and data secure is everyone’s responsibility.
However, the report found that the activities cyber-security professionals say are the most likely to cause a security breach are the same activities where users run into the most frustrating security measures. The top areas for cyber-security professionals’ concern and users’ frustration are surfing the Internet, downloading files, accessing networks and transferring files.