Feds are Ignoring Insider Threats to Cybersecurity, New Survey Reveals

One of the biggest threats to the security of government data and systems doesn’t come from rogue hackers or nations; it comes from within. As we revealed in The 4 Biggest Cybersecurity Threats of 2014, careless and untrained government employees represent the top source of security threats to federal agencies.

A recent survey of federal IT professionals by DLT partner SolarWinds, in conjunction with Market Connections, corroborates what we found and reveals that it’s getting worse:

  • More than half (53%) of federal IT Pros identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42% in 2013.
  • 64% believe malicious insider threats to be as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments.
  • Nearly half of respondents said government data is most at risk of breach from employees' or contractors' desktops or laptops. Top causes of accidental insider breaches include phishing attacks (49%), data copied to insecure devices (44%), accidental deletion or modification of critical data (41%) and use of prohibited personal devices (37%).

Investment in Insider Threat Prevention Falls Short

Despite the clear threat, very little is being done to address the risk exposure that agencies face. Instead, investment is still focused on threats from external sources.

The survey found that although most agencies (69%) increased investment over the past two years to address malicious external threats, fewer than half did so for malicious insider threats or accidental insider threats. In fact, some said investment decreased for insider threats.

The challenges to threat detection are varied: a high volume of network activity, a lack of IT staff training, and growing use of cloud and mobile, among others.

"Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT Pros absolutely must gain visibility into insider actions to keep their agencies protected. However, given the unpredictability of human behavior, the 'Why?' of those actions is an elusive query," said Chris LaPoint, group vice president of product management, SolarWinds.

Fixing and Thwarting Insider Threats

SolarWinds recommends the following strategy for identifying and thwarting malicious insider activity:

  • By monitoring connections and devices on the network, and by maintaining logs and data of user activity, IT Pros can assess WHERE on the network certain activity took place, WHEN it occurred, WHAT assets were on the network and WHO was logged into those assets.
  • WHAT is (and was) on the network? Solutions that monitor network performance for anomalies, track devices, offer network configuration and change management, manage IT assets, and monitor IP addresses keep federal IT Pros aware of the objects and traffic on their networks.
  • User device tracking software, IP address management, security information and event management (SIEM), and log and event management software can point to WHO and WHAT are responsible for certain activity on the network and accelerate the identification and termination of suspicious activity.

Check out these resources and learn more about what SolarWinds has to offer in terms of IT management tools that are easy to buy, install, scale, use, and maintain.
