By Joe Kim, SolarWinds Chief Technology Officer
In the past, cybersecurity threats were thought to come solely from malicious activity outside an organization, so agencies focused on protecting sensitive information from foreign governments, hackers, and more. Today, however, careless or untrained employees are just as dangerous to network security as malicious threats.
In fact, according to the results of SolarWinds' third annual federal Cybersecurity Survey, 48 percent of federal IT pros cited careless or untrained insiders as one of the greatest sources of IT security threats to their agency -- the third consecutive year (2014-2016) insider threats topped the list. Most recently, those insiders tied foreign governments as the greatest security threat for federal agencies. Many security breaches were also reported to have been caused by human error, phishing, and malware.
[Figure: Sources of security threats. Category shown: General hacking community]
For federal security pros, this means that protecting the network has become much harder. Not only must agencies continue to mitigate threats from foreign governments and hacktivists, but they must also protect the network from agency personnel, which can be a far more unpredictable challenge.
Expecting the unexpected
User error is nothing new. Federal IT pros have been dealing with this since the first bits passed over the first pulled wires. The challenge is that careless users are not getting any more careful, yet the information and data they can access have become much more personal and, in some cases, critical to the agency mission.
What’s the solution? While there is no one single answer, federal IT pros have found that a combination of products presents a formidable security barrier. In fact, most respondents to the aforementioned survey said they use an average of five different tools in conjunction to get the job done. Among the most valuable solutions cited were:
- Smart card/common access card
- Identity and access management
- Patch management
- Configuration management
- Security information and event management (SIEM)
- Web application management
Of these tools, users reported the following three as being particularly effective:
- Patch management software decreased the time to detect and respond to IT security incidents. Agencies using patch management software are far more likely to detect -- within minutes -- rogue devices, denial-of-service attacks, and unauthorized configuration changes.
- Configuration management software also cut response time for security incidents.
- SIEM tools helped agencies detect phishing attacks within minutes as well as almost all threats presented within the survey.
At the end of the day, federal IT pros understand that users will not change, and threats will continue to escalate. The solution is to evolve agency IT security practices to expect the unexpected and implement the most effective combination of tools to create the strongest security posture possible.
Find the full article on Government Computer News.