In particular, the cybersecurity sprint directed agencies to patch critical vulnerabilities, to "review and tightly limit the number of privileged users with access to authorized systems," and to "dramatically accelerate" the use of strong authentication systems such as PIV cards, according to U.S. CIO Tony Scott.
Durbin points to the results of the cybersecurity sprint and the massive data breach at the Office of Personnel Management as strong evidence that simply tightening privilege access isn't enough, that agencies need to adopt multifactor authentication and applications like endpoint and email encryption.
The findings of the Symantec/MeriTalk report indicate that agencies are still playing catch-up in those areas, and significant minorities of respondents say that they cannot tell if or how documents are inappropriately shared or what data gets lost. And fewer than 20 percent of the IT managers polled say they plan to roll out technologies like loss prevention, encryption and digital signatures in the near future.
"The report showed that very few agencies plan to implement critical technologies over the next two years," Durbin says. "Two years to deploy critical technologies is a luxury they don't have. We must also enhance the use of cyberthreat intelligence and implementing data loss prevention strategies."
Sign up for Computerworld eNewsletters.