In fact at least half of reported cybersecurity breaches are caused by staff, according to the Associated Press. They have fallen victim to the most basic of cyberattacks, including opening phishing emails, surfing sites full of malware and being tricked into revealing information.

US Struggle Against Cyberattacks

The actions of staff members are undermining a $10 billion-per-year initiative to prevent leaks. As well as those who act unwittingly, there are also a select few such as Edward Snowden who knowingly disseminate sensitive data.

Cyberattacks

Cybersecurity is of paramount importance in today’s society, but the federal government is not required to publicize its data losses by law. In order to throw some light on the issue, the AP sent dozens of Freedom of Information Act requests as part of a wider investigation into hacking, which revealed that the government is struggling to hold its own against quickly evolving cyber enemies.

The number of incidents more than doubled from 2009 to 2013, and employees are often at fault. According to an annual White House review, the breakdown is as follows: around 21% of federal breaches were blamed on government workers who violated policies; 16% who lost equipment or had it stolen; 12% who improperly handled sensitive printouts; at least 8% who ran or installed malicious software; and 6% who were tricked into sharing private information.

“No matter what we do with the technology … we’ll always be vulnerable to the phishing attack and … human-factor attacks unless we educate the overall workforce,” claimed Eric Rosenbach, Assistant Secretary of Defense for Homeland Defense and Global Security.

Government response

Projected government spending on cybersecurity contracts totals $65 billion between 2015 and 2020. Many experts believe that more investment is required to fully protect sensitive data against attacks from different groups of hackers with varying motives.

Some attacks have seen Russia, Iran and China named as suspects, whereas others seek out valuable commercial data for financial gain. Conviction rates for hackers are notoriously low.