Agencies identify insiders as major threat to cybersecurity
Across the federal government, agency leaders are making cybersecurity a priority. There is a growing awareness that failure to focus on these issues will put departments at risk of data loss, theft or exposure. From state-sponsored hackers to cybercriminals, the threats agencies face continue to grow and evolve, putting the government and the nation as a whole at risk.
However, as a recent survey revealed, federal IT leaders concerned with cybersecurity are not looking solely at external threats. On the contrary, many believe that insiders pose at least as great a threat to agency cybersecurity as do hackers and cyberattackers.
The survey, conducted by Market Connections, included insight from 200 federal IT decision-makers, the Federal Times reported. These participants were asked a variety of questions regarding their agencies' attitudes and behavior regarding cybersecurity.
Notably, the survey found that these IT leaders saw employee misuse as the single greatest cyberthreat, described as "prolific" by 52 percent of respondents. The source explained that "misuse" was defined as the failure of insiders to follow proper cyber-hygiene policies. This was followed by phishing (49 percent), malware (47 percent), spam (42 percent) and data leakage (39 percent). Data breaches were only seen as prolific threats by 33 percent of respondents, and only 15 percent worried about cyber espionage to this level.
This marks a significant change in federal IT leaders' attitudes. When this survey was conducted in 2012, 40 percent of federal IT leaders saw misuse as a major security issue. That year, malware was the biggest concern, cited by 59 percent of respondents, while cyber espionage was also seen as a more serious problem, with 25 percent of participants calling it prolific.
Considering the degree of concern, it is no surprise that federal IT managers plan to take action in order to reduce these risks. The news source reported 66 percent of respondents suggested they plan to implement new security systems in the coming year, making this the most popular approach to improving federal cybersecurity. This was followed by plans to improve employee training and to implement new policies.
Strategies to improve and expand training were particularly popular among IT decision-makers working for defense-related agencies, the Federal Times reported. Among respondents in this sector, 71 percent considered end-user training a priority for improving cybersecurity in 2015.
"Cyber security awareness training can help solve many of the challenges we face with protecting information technology assets and our government's most sensitive information and mission-critical systems," said Deon Viegutz, director of cyber operations for Lockheed Martin Information Systems and Global Solutions, the source reported.
Both superior training and better cybersecurity systems have their advantages, and agencies will likely need to pursue a combination of these two in order to effectively protect their networks and resources from cybersecurity threats. With training, federal employees will learn best practices for utilizing systems while minimizing the risk of exposure or data leaks. This greatly reduces the risk that an insider will inadvertently cause a breach at his or her given agency.
Just as importantly, investing in new cybersecurity tools can help agencies stay one step ahead of external threats. Cybercriminals and hackers, whether state-sponsored or purely opportunistic, are improving their strategies and tactics all the time, and no current system is safe.
To implement improvements in both these areas, many agencies will inevitably need to turn to third-party cybersecurity firms for assistance. These organizations can guide, oversee, deploy and maintain new cybersecurity resources, as well as deliver training to federal personnel. By outsourcing these needs, agencies can maximize their security while still allowing in-house IT personnel to focus on more productive projects.