Although federal agencies identify careless or untrained insiders as the top threat to federal cybersecurity, agencies continue to devote the most concern and resources to malicious external threat sources, according to IT software management company SolarWinds.
In partnership with research firm Market Connections, SolarWinds conducted an online survey of 200 federal IT professionals to investigate insider threats to federal cybersecurity and gauge federal agencies’ confidence and ability to combat external and internal IT security threats.
"SolarWinds’ survey delves into the sources and types of threats posing critical cybersecurity challenges to federal IT agencies and whether or how agencies are reacting," said Market Connections, Inc. Director of Research Services Laurie Morrow. "Federal IT Professionals can benefit from this research by shifting their perspectives on monitoring their IT infrastructures to ensure they can identify internal and external threat sources and secure the appropriate resources to mitigate them quickly."
The survey found that over half of those surveyed, including 55 percent of Department of Defense (DoD) respondents, identified careless and untrained insiders as the greatest source of IT security threats at their agencies.
This is a sizeable jump from the 42 percent of respondents identifying accidental insiders as a top security threat in a similar survey conducted by SolarWinds last year.
Nearly half of the respondents said government data is most at risk of breach from employees’ or contractors’ desktops or laptops, followed by phishing attacks (49 percent), data copied to insecure devices (44 percent), accidental deletion or modification of critical data (41 percent) and use of prohibited personal devices (37 percent).
While notorious former defense contractor Edward Snowden’s massive leak of classified information in 2013 raised awareness of the potential damage a malicious insider can cause, 56 percent of respondents believe breaches caused by accidental insiders are as damaging as or more damaging than those caused by malicious insiders.
"Pointing to hackers, terrorists or foreign governments as the top threats to our government’s security seems obvious, especially given the hype that surrounds huge corporate hacks and acts of terrorism," said Chris LaPoint, SolarWinds’ group vice president of product management.
"Even intentional insider security breaches such as Edward Snowden’s raise valid concerns and demand prevention investment," LaPoint said. "But who could imagine that their own colleagues could accidentally cause security breaches with comparable impact to those executed with malicious intent? Still, data loss can easily become data stolen, and agencies that ignore these accidental insider threats may well be doing so to their own detriment."
However, investment to curb the insider threat is falling short. Although careless/untrained insiders beat out malicious external sources, such as hackers and terrorists, as the top security threat, the survey results indicate that concern and investment are still focused on external threat sources.
Over the past two years, federal agencies have increased investment in malicious external threat prevention. However, less than half did so for the accidental insider and, in some cases, investment in insider threat prevention decreased.
The respondents identified a number of obstacles to insider threat detection, including a high volume of network activity, lack of IT staff training, growing use of cloud services, pressure to change IT configurations quickly rather than securely, use of mobile devices, cost of sophisticated tools, and growing adoption of Bring-Your-Own-Device (BYOD).
To mitigate the accidental insider threat, half of the respondents said internal security training is a crucial tool. Other top tools to prevent accidental insider threats include identity and access management (39 percent), internal threat detection and intelligence (36 percent), intrusion detection and prevention (32 percent), SIEM or log management (31 percent) and network admission control (31 percent).
In addition, the surveyed federal IT professionals found web application firewalls to be the most important tool to address the malicious insider threat.
"Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT Pros absolutely must gain visibility into insider actions to keep their agencies protected," LaPoint said. "However, given the unpredictability of human behavior, the ‘Why?’ of those actions is an elusive query."
Continuing, LaPoint said, "Fortunately, there are IT management solutions that can help identify who is doing what, and even point to where and when, empowering federal IT Pros to isolate the threats and address them before the agency’s security is in peril."