Federal cybersecurity efforts may ignore insider threat

By Erin Ayers on February 2, 2015

A federal focus on cyber threats from nation-states and foreign hackers may miss the real danger presented by insider threat, according to a recent survey from SolarWinds, which surveyed information technology and information security decision makers in the federal government, military and intelligence spheres.

“Pointing to hackers, terrorists or foreign governments as the top threats to our government’s security seems obvious. . . . But who could imagine that their own colleagues could accidentally cause security breaches with comparable impact to those executed with malicious intent?” stated Chris LaPoint, SolarWinds’ group vice president of product management. SolarWinds collaborated with Market Connections on the survey of 200 individuals to measure the effectiveness of cybersecurity efforts in the federal government.

Preparation for internal cybersecurity threats, including “careless and untrained insiders,” could be as important as, if not more important than, preparing for external sources of cyber risk such as hackers and terrorists. However, respondents hinted that the federal government’s cybersecurity teams might not realize this.

“Interestingly we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems. People do what they want to do and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols,” stated a director of operations at the Department of Defense’s Defense Contract Management Agency (DCMA).

Feedback for the survey showed that over half (53 percent) of federal IT experts feel that “careless and untrained” insiders are actually the biggest threat to the government and their actions or inactions can be just as harmful as intentional attacks, compared to 42 percent in a survey conducted last year. And if insiders with no malevolent intent are that much of a threat, 64 percent of respondents said that “malicious insider threats” can be just as damaging or more so than external threats from foreign governments or terrorists.

The most precarious data for the government is currently contained on employees’ or contractors’ computers, both desktop and laptop, according to almost half of respondents. The survey revealed that the primary causes of accidental insider breaches include phishing attacks (49%), data copied to insecure devices (44%), accidental deletion or modification of critical data (41%) and use of prohibited personal devices (37%).

And per the respondents, the feds simply aren’t paying enough attention to the problem. The survey highlighted budget problems as the major obstacle to investing in IT security, but this seems to be less of a challenge than last year – and yet there has been little improvement on insider threat. Federal agencies appear to feel that they need to focus mainly on external sources of harm. Insufficient training and use of mobile devices were also noted as challenges to quelling insider threat.

“Fortunately, there are ways to identify and thwart malicious insider activity. Key activities agencies can do include monitoring connections and devices on the network, and maintaining logs and data of user activity,” noted SolarWinds in the survey. “In this way, IT pros can assess where on the network certain activity took place, when it occurred, what assets were on the network and who was logged into those assets.”

erin.ayers@zywave.com

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].