The survey of 300 federal IT pros found that 31% said their agency experiences a cybersecurity incident -- external attack, malware, lost device, inappropriate employee access, or other threat -- daily. The frequency of such problems is at the same level or slightly higher than last year for most survey respondents, and their severity has remained about the same.
The top issues are malware (33% of respondents), inappropriate employee activity or network use (25%), managing access for approved remote users (25%), and data encryption (23%). The survey was conducted in September by CDW-G, the government arm of computer supply company CDW.
Survey participants cited an increased need for cybersecurity technologies, a requirement that is already being addressed in many agencies. Market research firm Input forecasts that federal cybersecurity spending will increase 48% from $7.9 billion this year to $11.7 billion in 2014. Major new investments include a $1.5 billion cybersecurity data center under development by the National Security Agency and a cybersecurity operations center recently opened by the Department of Homeland Security.
Mobile computing and smart phones continue to pose security problems to federal IT pros. Concerns over security due to remote and mobile computing were on the rise for 60% of survey respondents. However, among those who indicated that mobile security challenges are increasing, 63% don't use wireless encryption, despite federal requirements.
Though cases of data loss and lost hardware continue to make news, only 23% and 17% of federal IT pros, respectively, said those particular problems have grown in the last year.
Government IT pros view external threats as being more serious than internal threats. When asked to name their most significant external threat, defense agencies identified state-sponsored cyberwar, while civilian agencies cited hackers and software vulnerabilities.
In terms of inside threats, 44% of respondents said they had seen an employee post a password in a public place in the last year, and a majority cited incidents of inappropriate Web surfing and downloads, as well as lost devices. Respondents cited user education as the number one need to improve cybersecurity.