Is the government its own biggest security threat?
Government agencies face cybersecurity threats from a number of outside sources. Foreign governments want to infiltrate U.S. systems to make political points or to gain valuable information about critical infrastructures or defense secrets. Individuals try to breach networks to gain financial and personal information of American citizens to steal identities or sell the data. But when those agencies are asked which threat stands out above the rest as a risk to their cybersecurity, they had a surprising answer: themselves.
The risks of internal cybersecurity errors
In a survey of government IT staff, outside threats were not seen as the biggest risk to government programs. According to a study by Hewlett Packard and Ponemon Institute, internal errors were listed as the top safety concern in the government's digital age.
Forty-four percent of federal government employees and 40 percent of state and local government employees reported that negligent insiders – people who weren't following the proper security protocols – were the biggest threat to their security systems. Nation-state attackers came in fifth on the list of concerns, even lower than the risk of government agencies themselves failing to upgrade to security patches that will prevent known threats.
"Internal security programs are essential for maintaining safety."
Upgrades are one of the most essential steps an agency can take to improve its cybersecurity efforts. Software companies will create solutions to viruses and other malware, as well as self-detected weaknesses in a program that could cause an opening for these kind of hacking codes to get through. Simply running a known software update on existing systems can eliminate many vulnerabilities as soon as they are identified.
Yet it appears that not enough groups are taking these necessary precautions.
Internal security programs are necessary for maintaining the safety of government networks. The HP and Ponemon survey found that the issue isn't the result of any kind of active maliciousness, but rather, that many government groups don't believe they have the staff and resources they need to keep cybersecurity efforts up and running at full capacity.
It was also revealed that, because of its size, the federal government was more likely to be a target of outsider attacks. Because of the knowledge of this vulnerability, federal government agencies were reported to be better equipped at preventing and recovering from such disasters. State and local governments were less likely to be able to find and identify an attack and contain it quickly.
Improving government security procedures
According to US News and World Report, government agencies have been reaching out to find more cyber experts who can help improve the security concerns highlighted in reports such as this. Organizations have made note of weaknesses in their security programs and they need the extra personnel to help patch those vulnerabilities.
The White House announced an initiative earlier this year to improve cybersecurity measures on national, state and local levels. While much of the plan's focus will go towards strengthening the digital systems of the government, another key component will be improving staff education on how to follow cybersecurity protocols. The initiative states that all the upgraded equipment and software plans that will be put into place won't be able to be effective without the right staff to manage it.
The White House outline seeks to go above and beyond current training programs to give more employees the knowledge and understanding of the latest cybersecurity measures, so that everyone can play his or her own role in helping to keep government records safer.
It's not only a matter of high-ranking IT professionals who regularly access a system's most sensitive data. Sometimes, a debilitating virus is able to take down an entire network because one person unknowingly downloaded a corrupted file onto their own computer. These malicious codes are then able to infiltrate the entire network. By helping to educate people who have access to any kind of technology on a government server, agencies can keep their information protected.
Hiring outside help
Some of these necessary security measures may take years to come to fruition. While big agencies will be the first to receive upgrades and additional support staff because they are bigger targets for cyberattacks, smaller agencies and local governments could be left vulnerable.
Fortunately, there are solutions that can work for these smaller organizations. By outsourcing some of their IT needs to industry tech professionals, agencies of all sizes can have access to the same level of experience as the bigger groups. Bringing in IT support that is focused on government work can get systems upgraded faster while providing hands-on support and training to all applicable staff.
Cybersecurity is not an area for any group to cut corners. Getting positive changes made is best done sooner rather than later to get favorable results for any agency.