As federal agencies adopt emerging tech trends like mobility, wearables and the Internet of Things, a new Dell Software study found they are struggling to keep cybersecurity in stride with cyber criminals. And though speed is an issue in staying guarded during the transition, the survey’s respondents felt the biggest need to secure information within the new infrastructure is workforce education.
In Dell’s study, 56 percent of responding federal employees said their agency was moving to “leverage emerging technologies like the IoT,” but just 25 percent said cybersecurity was a major concern during that adoption.
The issue, however, doesn’t result from a major shift in cybersecurity practices to protect the new infrastructure, but a human decision to not put security at the forefront, said Paul Christman, vice president of public sector sales and marketing for Dell Software.
“What we’re seeing is people connecting to these devices and thinking about security later, rather than security embedded into the discussion of the architecture,” Christman said.
While it might seem inherently more complex to secure a new technology like the Internet of Things rather than a laptop or a desktop, Christman thought differently: All of the devices exist in different ranges of the same spectrum, and similar cybersecurity practices can be used for each.
“The Internet of Things is going to bring in different operating systems, different form factors, but the structure and the framework of protecting these things that are connected to a network, the techniques are known, the ideas and the information technology disciplines are known,” he said. “We don’t see this as a huge challenge. We see this as something that needs to be done as new devices are connected into the new network, just like moving from a desktop to a laptop and a laptop to a mobile device.”
According to Christman, the survey results provide evidence that agencies haven’t learned the security lessons from moving from something as straight forward as a desktop to a laptop. “We should be applying those lessons from the get-go,” he said.
Surprisingly, Dell found that though cyber attacks against agencies are becoming more sophisticated and frequent, many agency employees view simpler attacks, like phishing and malware embedded in email attachments, as the bigger threat to security.
“It’s the everyday general users getting tricked into simple phishing emails where they click on links that they shouldn’t and infect their machines with malware,” Christman said. “It would logically follow that the biggest issue that our federal customers said they needed help with was workforce education — cybersecurity literacy and awareness. It’s about the people, it’s about being cyber aware, it’s about helping prevent preventable intrusions. Our best, only first line of defense here is education.”
But federal agencies are also going to have to keep up with speed of cybercriminals, something many federal employees don’t have faith in. Forty-six percent of survey respondents said the federal acquisition process is too slow, and 44 percent said “bureaucratic inertia” impedes the proper security of federal information.
“Those two numbers are way too high,” Christman said, despite his optimism that government can succeed in solving its most pressing security challenges. “I always say criminals move at criminal speed and government moves at government speed, which do you think is faster? It’s really challenging to move at government speed and keep up with criminals.”