Security Concern: 44% of Federal Endpoints Are Unprotected
An analysis of the government IT system reveals that 44% of the Federal government’s endpoints are unknown or unprotected. Only half of the MeriTalk survey respondents have attempted to secure endpoints, which are items such as laptops, cell phones and tablets.
Cyber criminals that wish to gain access to government or government employee data capitalize on the status of a device (known/unknown, secure or insecure) to find a way into a sensitive government network.
One-third of Federal IT managers in the study entitled “Endpoint Epidemic” say they have experienced a data breach that occurred due to a software hole of which they were unaware. Additionally, they estimate 30% of their network-connected devices have been infected with malware.
Agencies that currently have a Bring Your Own Device policy are not enforcing appropriate policies for those devices among their employees. The study also found that half the agencies do not ban the use of public Wi-Fi and 61% of agencies do not apply their network security policies to mobile devices.
The Federal Endpoint Study shows that major changes have to occur to prepare for the Internet of Things (IoT). With the growth of IoT, federal agencies will see a massive increase in the amount and variety of endpoints,which gives cyber criminals more possible entry points to undertake malicious activity.
After reviewing the results of the study, which was underwritten by Palo Alto Networks, the report suggests the Federal Government needs to take the following steps to prevent, detect and mitigate endpoints threats:
- Secure the endpoints: 80% of Federal IT managers reported that they do not segment endpoints and 59% don’t use real-time patching to fix high priority vulnerability disclosures.
- Secure the network from unknown files: Only 28% of respondents have been able to identify questionable files from endpoints.
- Ensure the network is protected by the users, applications and devices. Half of Federal IT managers said they are not taking key steps needed to validate users and apps.
- Eliminate unregistered endpoint devices. Less than half of the respondents said that their agency requires employees to register their personal devices.
In the past, endpoints were defined only as servers, desktops and laptops, but they have evolved to include anything on the IT network. Despite this, one-third of the respondents have not updated their definition of an endpoint in a decade.
While over half of Federal IT managers admit to using their endpoint device to engage in risky behavior (such as emailing work documents to personal email accounts), they are willing to change their own habits and recommend stricter consequences for employees that violate security policies. 79% would allow their device to be inspected for malware, and 78% recommend removing telework privileges for employees that do not comply.
“Telework is terrific–and the Internet of Things promises to change the world as we know it,” said Steve O’Keeffe, founder, MeriTalk, in a statement. “To stay secure, we need to recognize the importance of automation and preventative medicine in cyber security measures–to ensure the health of our government–and the body politic.”