Federal IT Pros Optimistic About Security, but Insider Threats Remain a Challenge

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by my colleague Jim Hansen about the state of security and insider threats for the federal government and what’s working to improve conditions. We’ve been doing these cyber surveys for years and I always find the results interesting.

Federal IT professionals feel threats posed by careless or malicious insiders and foreign governments are at an all-time high, yet network administrators and security managers feel like they’re in a better position to manage these threats.

Those are two of the key takeaways from a recent SolarWinds federal cybersecurity survey, which asked 200 federal government IT decision makers and influencers their impressions regarding the current security landscape.

The findings showed enterprising hackers are becoming increasingly focused on agencies’ primary assets: their people. On the bright side, agencies feel more confident to handle risk thanks to better security controls and government-mandated frameworks.

People Are the Biggest Targets

IT security threats posed by careless or untrained insiders and nation states have risen substantially over the past five years. Sixty-six percent of survey respondents said things have improved or are under control when it comes to malicious threats, but when asked about careless or accidental insiders, the number decreased to 58%.

Indeed, hackers have seen the value in targeting agencies’ employees. People can be careless and make mistakes—it’s human nature. Hackers are getting better at exploiting these vulnerabilities through simple tactics like phishing attacks and stealing or guessing passwords. The most vulnerable are those with access to the most sensitive data.

There are several strategies agencies should consider to even the playing field.

Firstly, ongoing training must be a top priority. All staff members should be hyper-aware of the realities their agencies are facing, including the potential for a breach and what they can do to stop it. Simply creating unique, hard-to-guess passwords or reporting suspicious emails might be enough to save the organization from a perilous data breach. Agency security policies must be updated and shared with the entire organization at least once a month, if not more. Emails can help relay this information, but live meetings are much better at conveying urgency and importance.

Employing a policy of zero trust is also important. Agency workers aren’t bad people, but everyone makes mistakes. Data access must be limited to those who need it and security controls, such as access rights management, should be deployed to monitor and manage access.

Finally, agencies must implement automated monitoring solutions to help security managers understand what’s happening on their network at all times. They can detect when a person begins trying to access data they normally wouldn’t attempt to retrieve or don’t have authorization to view. Or perhaps when someone in China is using the login credentials of an agency employee based in Virginia. Threat monitoring and log and event management tools can flag these incidents, making them essential for every security manager’s toolbox.
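The two detections described above (a user reaching for data outside their normal pattern or authorization, and a login from an implausible location) can be expressed as simple rules over login and file-access logs. The following is an added example written for this page, not SolarWinds code or anything from the survey; the log lines, the users, the `HOME_COUNTRY` and `AUTHORIZED` tables, and the four-hour travel window are all constructed assumptions standing in for what a real deployment would pull from its SIEM, HR system and access-rights management tool.

```python
"""Rule-based insider-threat detection over constructed log lines.

Added example for this page (not SolarWinds code). It learns a per-user
baseline of resources from a history window, then flags in the new window:
  - unauthorized_access: resource the user is not entitled to at all
  - unusual_access:      entitled, but never touched in the baseline window
  - foreign_login:       login country differs from the user's home country
  - impossible_travel:   logins from two countries within TRAVEL_WINDOW
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: hypothetical users, paths and timestamps.
HISTORY_LOG = """\
2024-03-04T08:02:11Z user=jdoe action=login src_country=US
2024-03-04T08:05:40Z user=jdoe action=access resource=hr/payroll.xlsx
2024-03-04T08:06:02Z user=jdoe action=access resource=hr/benefits.pdf
2024-03-05T09:01:17Z user=jdoe action=login src_country=US
2024-03-05T09:03:55Z user=jdoe action=access resource=hr/payroll.xlsx
2024-03-05T09:20:00Z user=asmith action=login src_country=US
2024-03-05T09:21:10Z user=asmith action=access resource=eng/build.log
"""
TODAY_LOG = """\
2024-03-06T08:45:09Z user=jdoe action=login src_country=US
2024-03-06T08:47:12Z user=jdoe action=access resource=hr/payroll.xlsx
2024-03-06T09:10:30Z user=jdoe action=access resource=hr/onboarding.docx
2024-03-06T09:30:00Z user=asmith action=login src_country=US
2024-03-06T09:31:45Z user=asmith action=access resource=eng/build.log
2024-03-06T10:15:33Z user=jdoe action=login src_country=CN
2024-03-06T10:16:01Z user=jdoe action=access resource=finance/contracts.db
"""

# Assumed reference data (in practice: HR records and the IAM/ARM system).
HOME_COUNTRY = {"jdoe": "US", "asmith": "US"}
AUTHORIZED = {
    "jdoe": {"hr/payroll.xlsx", "hr/benefits.pdf", "hr/onboarding.docx"},
    "asmith": {"eng/build.log"},
}
TRAVEL_WINDOW = timedelta(hours=4)  # two countries inside this window is implausible


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, value = pair.split("=", 1)
        event[key] = value
    return event


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def learn_baseline(events):
    """Per-user set of resources actually used during the history window."""
    baseline = defaultdict(set)
    for e in events:
        if e["action"] == "access":
            baseline[e["user"]].add(e["resource"])
    return baseline


def detect(events, baseline):
    """Apply the four rules in log order; returns a list of alert dicts."""
    alerts = []
    last_login = {}  # user -> (timestamp, country) of most recent login
    for e in events:
        user, ts = e["user"], e["ts"]
        if e["action"] == "login":
            country = e["src_country"]
            # Unknown users have no home country, so they are flagged too.
            if country != HOME_COUNTRY.get(user):
                alerts.append({"ts": ts, "user": user, "rule": "foreign_login", "detail": country})
            prev = last_login.get(user)
            if prev and prev[1] != country and ts - prev[0] < TRAVEL_WINDOW:
                alerts.append({"ts": ts, "user": user, "rule": "impossible_travel",
                               "detail": f"{prev[1]}->{country}"})
            last_login[user] = (ts, country)
        elif e["action"] == "access":
            res = e["resource"]
            if res not in AUTHORIZED.get(user, set()):
                alerts.append({"ts": ts, "user": user, "rule": "unauthorized_access", "detail": res})
            elif res not in baseline.get(user, set()):
                alerts.append({"ts": ts, "user": user, "rule": "unusual_access", "detail": res})
    return alerts


def run_demo():
    """Learn from HISTORY_LOG, evaluate TODAY_LOG, return the alerts."""
    return detect(parse_log(TODAY_LOG), learn_baseline(parse_log(HISTORY_LOG)))


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['ts'].isoformat()} {a['user']:<7} {a['rule']:<20} {a['detail']}")
```

Running it produces four alerts, all for `jdoe`: the first touch of an authorized-but-never-used file, a login from outside the home country, a second login from a different country ninety minutes after the first, and an access to a resource the user has no entitlement for. `asmith`, whose behaviour matches the baseline, generates nothing. The ordering of the checks matters: the authorization rule is tested before the baseline rule so that an outright policy violation is never downgraded to "merely unusual".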

Frameworks and Best Practices Being Embraced, and Working

Most survey respondents believe they’re making progress managing risk, thanks in part to government mandates. This is a sharp change from the previous year’s cybersecurity report, when more than half of the respondents indicated regulations and mandates posed a challenge. Clearly, agencies are starting to get used to—and benefit from—programs like the Risk Management Framework (RMF) and Cybersecurity Framework.

These frameworks help make security a fundamental component of government IT and provide a roadmap on how to do it right. With frameworks like the RMF, developing a better security hygiene isn’t a matter of “should we do this?” but a matter of “here’s how we need to do this.” The frameworks and guidelines bring order to chaos by giving agencies the basic direction and necessities they need to protect themselves and, by extension, the country.

A New Cold War

It’s encouraging to see recent survey respondents appearing to be emboldened by their cybersecurity efforts. Armed with better tools, guidelines, and knowledge, they’re in a prime position to defend their agencies against those who would seek to infiltrate and do harm.

But it’s also clear this battle is only just beginning. As hackers get smarter and new technologies become available, it’s incumbent upon agency IT professionals to not rest on their laurels. We’re entering what some might consider a cyber cold war, with each side stocking up to one-up the other. To win this arms race, federal security managers must continue to be innovative, proactive, and smarter than their adversaries.

Find the full article on Federal News Network.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

  • A friend of mine, who practiced medicine as a Child Psychologist for most of his life, developed a ready response regarding trust: "People are just no good, and never will be!" He's seen some of the worst cases of abuse of children or spouses, along with families that are just plain toxic. When we create or allow or ignore those kinds of people, we in IT are forced to deal with the consequences, some of which are people who intentionally compromise security, both inside and out.

    Until we can get a handle on raising children into ethical adults, and instantly detecting anti-social online behavior, we'll be stuck playing the game of trying to fix security issues discovered or created by people who have poor morals and no integrity.

  • Most companies trust their employees, which they should - if you can't trust the person, they should not be a part of your company. However, we are human and make mistakes - and then there are those that get upset and seek revenge. It's critical that every organization protect themselves against these possibilities. That's why I mention Zero Trust at every opportunity.

  • We block USB ports, period, unless you have a security exception, which has to be reviewed at least once per year but could be as frequent as once per quarter.

  • We have a policy where nothing can be connected to a USB port on a user's PC without the connected device being encrypted. The PC asks if you want to encrypt the device or disconnect it. I get the intent, but it is definitely a pain to work with. A networking device loses its mind and you need to download the code from Cisco? You need a variance from corporate to connect a flash drive to the computer and copy over the code to bring it back online. In the meantime, most of the company is down. Yeah, that is helpful.
