The Inside Job: Agencies Struggle to Prevent Cyberattacks from Within
Defending against insider threats is a top priority for the U.S. government. When surveyed by MeriTalk, 85% of federal cybersecurity professionals say their agency is more focused on combating insider threats in 2017 than they were just a year ago.
An insider threat is manifested as an incident when a person with authorized access to government personnel, facilities, networks and systems, or equipment, uses those resource to harm the security of the United States. Perhaps the most notorious players are Edward Snowden and Chelsea Manning, but insiders are perpetrating cyber incidents each day.
42% of those surveyed said their agency has been targeted by insider threats, even though 86% said they have a formal insider threat prevention program. Why is that?
1. Agencies have incomplete formal prevention efforts
Many agencies lack systems for reporting and maintaining records on data loss and insider incidents. Over 60% have neither. While 40% don’t have formal threat response protocols and only 55% have employee training programs.
2. Gaps in critical technology
Agencies that have lost data to insider incidents are less likely to use key technologies agency-wide. For example, only 23% of these agencies have implemented continuous monitoring. While 69% of those that have not lost data have continuous monitoring in place. Similar responses were given for incident response technologies, data loss prevention, and identity and access management.
3. Cloud complications
As more applications and systems move to the cloud, 59% of agencies say it’s become more difficult to detect insider threats.
Combating the Risk
How can agencies better minimize data loss from insider threats? In addition to following government guidance as defined in NIST’s Cybersecurity Framework to facilitate the measurement, mitigation and reduction of risk, agencies also need to incorporate technology to help enforce, protect, manage and extend policies and guidance.
How to Build an Insider Threat Program
The most effective way to develop an insider threat program is through a multi-layered approach based on vendor agnostic cybersecurity best practices and proven technology.
For tips and guidance on doing so, check out the whitepaper: Implementing an Effective Insider Threat Program.