The 6 Elements of a Government Insider Threat Program

Insider threats are a persistent problem for government agencies, and they are no longer just an IT problem. According to DailyCaller.com, 21% of breaches can be traced back to security indiscretions by federal workers (although other sources point to the number being as high as 50%).

So it’s no surprise that preventing and mitigating these threats was a hot topic at this year’s Symantec Government Symposium in Washington, D.C.

But what best practices and considerations make up the elements of an insider threat program? A group of panelists from industry and government shared their ideas. Here are their recommendations (you can also listen to them via podcast; check out session E-1 here):

  1. Educate the Workforce

“Security is everyone’s business,” explained Sheila Jordan, Senior Vice President and Chief Information Officer, Symantec.

In the CIO’s world, this means devising campaigns that educate and inform employees that security isn’t a one-off incident that you hear about on the news. It’s a collective responsibility. Employees need to understand how it impacts their behavior. Unintentional acts, like taking a USB drive home loaded with source code and working on it on an unprotected network, are where a big area of focus needs to be, stressed Jordan.

In Fairfax County, VA, government employees are taught about what data means to them personally (how they use data at home or what their kids are doing online) and then apply those same risks and concerns to the business. “In doing so they start to take protecting data a little more seriously, especially when they understand that it’s the citizen that gets affected when that data is compromised,” explained Fairfax County’s CISO, Michael Dent.

  2. Put the Onus on Data Owners

Fairfax County takes the premise that security is not just an IT issue one step further. With over 60 different internal businesses, the County puts the onus back on the data owners. Employees sign responsibility statements so that they know what they can and cannot do with agency data. “IT is the data steward, but the data owners are the ones responsible for how it’s protected. Once you put that risk back on the data owners the response is amazing,” said Dent.

  3. It’s not Just Employees

Insider threats are not just your employees, they’re contractors, vendors and even volunteers, said Dent.

“We had a vendor who took data from the county on a USB, very innocently… But he ended up exposing county data for over two years on an unsecured company-based file share.”

Wherever possible, education, policy and technology need to extend beyond the limits of your staff.

  4. Go Beyond Protecting the Perimeter

Firewalls, intrusion detection systems and access management controls are all great point solutions, but managing the insider threat must take a different approach, said Prem Jadhwani, CTO with Government Acquisitions, a solution provider to the federal government. “The tools and the solutions are the same, but they need to be fine-tuned. It’s not about how secure your password is; it’s about where your data lies. Where are these assets? Who are those privileged users who can take advantage of this data and how are we monitoring the user behavior?”

This visibility is still missing across the board, continued Jadhwani. “I see wonderful point products all over the place but they don’t talk to each other. The real value, the real intelligence comes when there is context and information sharing.”

  5. Big Data is Key

Key to this context and sharing is big data.

It can take eight months to discover a security breach and another three to respond. These are scary statistics, but technology has come a long way in protecting government IT. Big data, in particular, is key to solving cybersecurity issues, said Prem Jadhwani.

“If there are over 5,000 events per second in a big agency, how are you going to mine that data when you’re looking for a needle in the haystack?” With so many silos of information, big data can help analyze patterns and risky behaviors, making it easier to predict, discover and resolve cyber threats before they do real harm.

“We are not at that stage yet, but there are technologies and tools, like Symantec’s, that will allow us to get there,” said Jadhwani.

  6. Collaboration Plays a Part Too

Collaboration across agencies and organizations is key, not only to share best practices and monitor potential threat activity, but also to help drive policy change at an executive government level.

More Information

For more insights from the Symposium, check out these on-demand podcasts from each session.
