Despite Better Detection, Careless and Malicious Insider Threats Are on the Rise
*Article written by Jim Hansen, VP of Products, Security and Application Management
According to a 2019 Federal Cybersecurity Survey released this March by IT management software company SolarWinds, careless and malicious insiders topped the list of security threats for federal agencies. Yet, in spite of the increased threats, federal IT security pros believe they are making progress managing risk.
Why the positive attitude despite the increasing challenge? While threats may be on the rise, strategies to combat these threats—such as government mandates, security tools, and best practices—are seeing vast improvements.
Let’s take a closer look at both sides of this complex equation.
Greater threat, greater solutions
According to the Cybersecurity Survey, 56 percent of respondents said the greatest source of security threats to federal agencies is careless and/or untrained agency insiders; 36 percent cited malicious insiders as the greatest source of security threats.
A majority of respondents cited numerous reasons why these types of threats have improved or remained in control, from policy and process improvements to better cyber hygiene and advancing security tools.
• Policy and process improvements: 58 percent of respondents cited “improved strategy and processes to apply security best practices” as the primary reason careless insider threats have improved.
• Basic security hygiene: 47 percent of respondents cited “end-user security awareness training” as the primary reason careless insider threats have improved.
• Advanced security tools: 42 percent of respondents cited “intrusion detection and prevention tools” as the primary reason careless insider threats have improved.
Relative to policy and process improvements, the “NIST Framework for Improving Critical Infrastructure Cybersecurity” topped the list of the most critical regulations and mandates, with FISMA (Federal Information Security Management Act) and DISA STIGs (Security Technical Implementation Guides) following close behind, at 60 percent, 55 percent, and 52 percent of respondents, respectively, citing these as the primary contributing factor in managing agency risks.
There’s also no question that the tools and technologies to help reduce risk are advancing quickly; this was evidenced by the number of tools federal IT security pros rely on to ensure a stronger security posture within their agencies. The following are the tools cited, and the percentage of respondents saying these are their most important technologies in their proverbial tool chest:
• Intrusion detection and prevention tools, 42%
• Endpoint and mobile security 34%
• Web application firewalls 34%
• Fire and disk encryption 34%
• Network traffic encryption 34%
• Web security or web content filtering gateways 33%
• Internal threat detection/intelligence 30%
All this said, training was deemed the most important factor in reducing agency risk, particularly when it comes to reducing risks associated with contractors or temporary workers:
• 53 percent cited “ongoing security training” as the most important factor
• 49 percent cited “training on security policies when onboarding” as the most important factor
• 44 percent cited “educate regular employees on the need to protect sensitive data” as the most important factor
Conclusion
Any federal IT security pro will tell you that although things are improving, managing risk is an ongoing challenge. And, evidenced by the survey responses, there is no one answer or one solution. The most effective way to reduce risk is a combination of tactics, from implementing ever-improving technologies to meeting federal mandates to ensuring all staffers are trained in security best practices.