“Cyber-based risks to federal systems and information can come from unintentional threats, such as natural disasters, software coding errors and poorly trained or careless employees, or intentional threats, such as disgruntled insiders, hackers or hostile nations,” the report warned.
The threat sources may exploit vulnerabilities in US agencies' systems and networks to steal or disclose sensitive information, among other things, the GAO cautioned.
“GAO reported in September 2015 that most of 24 major agencies had weaknesses in at least three of five major categories of information security controls for fiscal year 2014,” the report noted.
Inspectors general for 23 of 24 US government agencies that the GAO investigated, including the Department of Education, cited information security as a major management challenge, the report added.