The Government Accountability Office (GAO) just released a report indicating that weaknesses in security programs persist across many federal agencies. The Federal Information Security Report found persistent weaknesses at all 24 federal agencies examined. These weaknesses were consistent with the findings in 2013, showing very little improvement in data protection, which is worrying given the increase in risks year-by-year.
The major weaknesses identified at federal agencies included:
- Limiting, preventing and detecting inappropriate access to computer resources
- Managing the configuration of software and hardware
- Segregating duties to ensure that a single individual does not have control over all key aspects of a computer-related operation
- Planning for continuity of operations in the event of a disaster or disruption
- Implementing agency-wide security management programs that are critical to identifying control deficiencies, resolving problems, and managing risks on an ongoing basis
In this report, it was revealed that the number of security incidents involving personally identifiable information (PII) at government agencies continues to climb, up to 27,624 incidents in 2014. As noted in the report, until the deficiencies in these programs are resolved, federal agencies will continue to face significant challenges in protecting their information.
The report re-iterates that these weaknesses persist despite the “hundreds of recommendations” made to agencies by the GAO and inspectors general to address deficiencies in their information security controls and weaknesses in their programs. Most of these recommendations have remained unimplemented, which is drawing more public scrutiny of late. As government agencies clamp down on public sector data breaches, their own inadequacies in data protection are under the spotlight.
The increased digital first strategies in the government sector places even greater strain on inadequate data security policies, which must change in order to keep pace with new risks. Government customers trust Absolute as a proven partner and a technology leader in persistent endpoint security and data risk management. Learn more about Absolute’s solutions to address data security and mobility in the public sector here.