Careless and Untrained Insiders Identified as Top Source of Security Threats to Federal Agencies, but Concern and Investment Still Focused on Malicious External Threat Sources; SolarWinds Examines Policies, Processes and Threat Prevention Tools to Address Lack of Internal Visibility
HERNDON, VA--(Marketwired - Jan 26, 2015) - SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT performance management software, today announced the results of its cybersecurity survey, in which federal IT Professionals exposed a need for internal cybersecurity threat prevention. Respondents identified careless and untrained insiders as their greatest source of cybersecurity threats -- over malicious external sources such as hackers and terrorists -- yet reported that malicious external threat sources still took priority for threat prevention investment.
In December 2014, Market Connections, a leading government market research provider, in conjunction with SolarWinds conducted its second annual blind survey* of 200 IT and IT security decision makers in the federal government, military and intelligence communities in an effort to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them. Respondents weighed in on top cybersecurity threat sources, obstacles to threat prevention, necessary tools for threat prevention, and their concerns, investment and policies regarding cybersecurity.
Insider threats now most prevalent and damaging to government agencies
- More than half (53%) of federal IT Pros identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent last year.
- Nearly two-thirds (64%) believe malicious insider threats to be as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments. Further, 57 percent believe breaches caused by accidental or careless insiders to be as damaging as or more damaging than those caused by malicious insiders.
- Nearly half of respondents said government data is most at risk of breach from employees' or contractors' desktops or laptops. Top causes of accidental insider breaches include phishing attacks (49%), data copied to insecure devices (44%), accidental deletion or modification of critical data (41%) and use of prohibited personal devices (37%).
Investment in insider threat prevention falls short
- While 29 percent of federal IT Pros said budget constraints are the single most significant obstacle to maintaining or improving IT security, this figure is down from 40 percent last year, yet investment is still not increasing for insider threat prevention.
- Although most agencies increased investment over the past two years to address malicious external threats (69%), less than half did so for malicious insider threats (46%) or accidental insider threats (44%). In fact, some said investment decreased for insider threats (9%).
- Insider threat detection difficulties also include a high volume of network activity (40%), lack of IT staff training (35%), growing use of cloud services (35%), pressure to change IT configurations quickly rather than securely (34%), use of mobile devices (30%), cost of sophisticated tools (27%), and growing adoption of BYOD (27%).
- Although 85 percent of federal IT Pros said they have formal IT security policies, 46 percent noted insufficient security training for employees as an obstacle to threat prevention.
"Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT Pros absolutely must gain visibility into insider actions to keep their agencies protected. However, given the unpredictability of human behavior, the 'Why?' of those actions is an elusive query," said Chris LaPoint, group vice president of product management, SolarWinds. "Fortunately, there are IT management solutions that can help identify Who is doing What, and even point to Where and When, empowering federal IT Pros to isolate the threats and address them before the agency's security is in peril."
Solution: Identify and thwart malicious insider activity
- By monitoring connections and devices on the network, and by maintaining logs and data of user activity, IT Pros can assess WHERE on the network certain activity took place, WHEN it occurred, WHAT assets were on the network and WHO was logged into those assets.
- WHAT is (and was) on the network? Solutions that monitor network performance for anomalies, track devices, offer network configuration and change management, manage IT assets, and monitor IP addresses keep federal IT Pros aware of the objects and traffic on their networks.
- User device tracking software, IP address management, security information and event management (SIEM), and log and event management software can point to WHO and WHAT are responsible for certain activity on the network and accelerate the identification and termination of suspicious activity.
- Additionally, after internal security training, respondents identified the top types of tools to prevent accidental insider threats as identity and access management (39%), internal threat detection and intelligence (36%), intrusion detection and prevention (32%), SIEM or log management (31%), and Network Admission Control (31%).
"Pointing to hackers, terrorists or foreign governments as the top threats to our government's security seems obvious, especially given the hype that surrounds huge corporate hacks and acts of terrorism. Even intentional insider security breaches such as Edward Snowden's raise valid concerns and demand prevention investment. But who could imagine that their own colleagues could accidentally cause security breaches with comparable impact to those executed with malicious intent? Still, data loss can easily become data stolen, and agencies that ignore these accidental insider threats may well be doing so to their own detriment."
- Chris LaPoint, Group Vice President of Product Management, SolarWinds
"Interestingly we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems. People do what they want to do and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols."
- Director of Operations, DCMA
"Our security holes begin at the top. [Senior management expects] that they are protected and they are above any security holes -- to the effect, they insist on admin rights to network resources. The administration supports this view and turns a 'blind eye' to the risk."
- Network Manager, Federal Agency
"SolarWinds' survey delves into the sources and types of threats posing critical cybersecurity challenges to federal IT agencies and whether or how agencies are reacting. Federal IT Professionals can benefit from this research by shifting their perspectives on monitoring their IT infrastructures to ensure they can identify internal and external threat sources and secure the appropriate resources to mitigate them quickly."
- Laurie Morrow, Director of Research Services, Market Connections, Inc.
SolarWinds Solutions for Government
- SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, Department of Defense ESI, and other contract vehicles.
- U.S. Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS; and Technical Requirements include FIPS compatibility, DISA STIGs, National Institute of Standards and Technology (NIST) compliance and Common Criteria EAL 2 Certification, Section 508 VPATs.
- SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of all major auditing authorities, including DISA STIG, FISMA, NIST, and more.
- SolarWinds' thwack online user community provides a number of out-of-the-box compliance report templates available to download for free that are designed to help users prepare for an inspection. thwack also provides information on Smart Card and Common Access Card (CAC) product support.
- Whiteboard Blog: Investigating Threats to Federal Cybersecurity - Where to Look and What to Do about Them
- Survey Slideshare: SolarWinds Federal Cybersecurity Survey 2015
- Video: SolarWinds IT Management & Monitoring for Government
*In December 2014, Market Connections surveyed 200 IT security professionals in federal government and military service in conjunction with SolarWinds. Full survey results are available upon request.