Nearly one-third of federal agencies experience a cybersecurity incident daily, according to a new survey by CDW Government, Inc. (CDW-G). The report, based on a September survey of 300 federal IT security professionals, underscores the seriousness of threats against every government agency. The number and severity of cybersecurity incidents stayed the same or increased in the last year, according to the survey.

"Fundamentally, cybersecurity is not just a technology issue--it is a management and cultural challenge for Federal agencies," said Andy Lausch, vice president of federal sales for CDW-G. "Federal IT security professionals are engaging in the cybersecurity war on multiple fronts, and they need the participation of the Federal employees, managers and senior staff that they support.

"First and foremost, Federal IT security professionals are calling for increased end-user education, both to reduce internal cybersecurity incidents and to close the door to external threats."

Government security professionals say external sources are their agency's biggest threat, overall. Defense agencies say state-sponsored cybersecurity-warfare programs are the most significant external cybersecurity issue.

But don't forget about internal threats. The report noted that internal threats include inappropriate web surfing, lax user authentication and loss of computing devices add to the threats facing federal agencies.

Among the findings:

* Agency cybersecurity requirements are growing as a result of all these threats.

* Malware and access control issues are the top challenges.

* Federal agencies participating in the Trusted Internet Connections program say the program helped improve their cybersecurity defenses.

* Only half the IT professionals surveyed say they have a big enough budget to deal with these challenges.

But there is some good news in this survey. More than 80 percent of the agencies are providing ongoing training classes on security policies and procedures. CDW-G also recommends a number of policies to help federal agencies fortify their cybersecurity defenses, including:

* Measuring training success and communicating security policies that include guidelines for use.

* Dealing with the mobile threat. Implementing a tiered security architecture for mobile access.

* Implementing basic cybersecurity tools across the agency enterprise.

* Adopting the Federal Trusted Internet Connections (TIC) program, which reduces the number of agency Internet connections.

At the end of the day, Lausch said, it is the user's responsibility to help prevent security lapses. "It is time for computer users to step up and take an active role in cybersecurity efforts," he said. "Much like Americans have made recycling an everyday task, it is time for users to form a new habit--making smart, network-protecting activity a part of their daily routines."

For more on CDW-G's cybersecurity recommendations:
- read the report

Related Articles:
DHS to hire 1,000 cybersecurity experts
How much do the Feds spend on cybersecurity?
Next up: Kundra's cybersecurity dashboard