
Careless and Malicious Insider Threats Are on the Rise Despite Better Detection

Level 12

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by my colleague Jim Hansen reviewing data from our cybersecurity survey, including details on how agencies are combatting threats.

According to a 2019 Federal Cybersecurity Survey released last year by IT management software company SolarWinds, careless and malicious insiders topped the list of security threats for federal agencies. Yet, despite the increased threats, federal IT security pros believe they’re making progress managing risk.

Why the positive attitude despite the increasing challenge? While threats may be on the rise, strategies to combat these threats—such as government mandates, security tools, and best practices—are seeing vast improvements.

Greater Threat, Greater Solutions

According to the Cybersecurity Survey, 56% of respondents said the greatest source of security threats to federal agencies is careless and/or untrained agency insiders; 36% cited malicious insiders as the greatest source of security threats.

Most respondents cited numerous reasons why these types of threats have improved or remained under control, from policy and process improvements to better cyberhygiene and advancing security tools.

• Policy and process improvements: 58% of respondents cited “improved strategy and processes to apply security best practices” as the primary reason careless insider threats have improved.

• Basic security hygiene: 47% of respondents cited “end-user security awareness training” as the primary reason careless insider threats have improved.

• Advanced security tools: 42% of respondents cited “intrusion detection and prevention tools” as the primary reason careless insider threats have improved.

The “NIST Framework for Improving Critical Infrastructure Cybersecurity” topped the list of the most critical regulations and mandates, with FISMA (Federal Information Security Management Act) and DISA STIGs (Security Technical Implementation Guides) following close behind: 60%, 55%, and 52% of respondents, respectively, cited these as the primary contributing factor in managing agency risks.

There’s also no question the tools and technologies to help reduce risk are advancing quickly; this was evidenced by the number of tools federal IT security pros rely on to ensure a stronger security posture within their agencies. The following are the tools cited, and the percentage of respondents saying these are their most important technologies in their proverbial tool chest:

• Intrusion detection and prevention tools: 42%

• Endpoint and mobile security: 34%

• Web application firewalls: 34%

• Fire and disk encryption: 34%

• Network traffic encryption: 34%

• Web security or web content filtering gateways: 33%

• Internal threat detection/intelligence: 30%

Training was deemed the most important factor in reducing agency risk, particularly when it comes to reducing risks associated with contractors or temporary workers:

• 53% cited “ongoing security training” as the most important factor

• 49% cited “training on security policies when onboarding” as the most important factor

• 44% cited “educate regular employees on the need to protect sensitive data” as the most important factor

Conclusion

Any federal IT security pro will tell you that although things are improving, there’s no one answer or one solution. The most effective way to reduce risk is a combination of tactics, from implementing ever-improving technologies to meeting federal mandates to ensuring all staffers are trained in security best practices.

Find the full article on our partner DLT’s blog Technically Speaking.


15 Comments
Level 13

Thanks for the article!

Level 12

Interesting read. I understand "disk encryption" but I don't understand "Fire and disk encryption." I was also confused a bit about the "primary reason" section. I am assuming respondents were allowed to select more than one "primary reason" in order for the percentages added together to be more than 100%.

MVP

You should read the survey results linked in this article for better clarification as the article doesn't go far enough in reporting the information.

The 30 pages of results, while a bit long, is a much better read with more meaningful detail that puts things in better context.

Level 13

Thanks. Got a chuckle out of the cyberhygiene term - hadn't heard that one before. I think it's interesting that careless/untrained insiders topped the security threat list at 56%, but lack of training was near the bottom of the obstacles at 5%. Seems a bit at odds. I'm not saying it's bad data - just interesting those are so far apart. Maybe training is available but no one uses it, maybe the majority of the threat is carelessness (but why would you include lack of training then?) or maybe it's just a polite way of saying we've got the training but no one is using it.

Level 12

Thanks Jfrazier​ for recommending the survey results. The survey asked for "main reasons" so this article stating "primary reason" was throwing me off.

MVP

I noticed the fluctuation in traffic after we killed the General in Iran. Due to that single situation, I am blocking one by one, each and every country that is attempting to hit my network. I know that the real threats come from here in the US, but it makes me feel better blocking regions of the world that have no business in our business! Thanks for the article orafik

MVP

Thanks for the article.

Level 13

Thanks for the Article

MVP

User eh. Pfft.

Level 12

thanks for the article

Level 15

Thanks for the write up

Level 8

Thanks for the article.

Level 12

I expect that was meant to read "file and disk encryption".

As for the end-users, that is a constant battle. There are some out there who just can't help clicking on links and files no matter how many training sessions they are made to attend.

On the other side, the social engineering is constantly being improved as the malicious people learn from their mistakes and try new tactics, hence internal security scanning is always going to be essential.

Level 12

Training helps with the carelessness aspect, but I still think that jobs need to be risked when someone is repeatedly careless after training. I've seen too many cases where security isn't taken this seriously and bad things happen.

Level 11

So no muppets were harmed in the making of this post? Actually a fun read. I doubt anyone will ever make the perfect mousetrap.