According to a recent federal cybersecurity survey conducted by SolarWinds and Market Connections, that is a question that many Department of Defense and other government IT managers struggle to answer. In fact, the majority of the 200 respondents said they believe malicious insider threats are just as damaging as external threats. Further, one-third of respondents said they believe accidental insiders can be as dangerous as those who harbor malicious intent.

Welcome to the post-Edward Snowden and Bradley Manning world of federal IT, where an anonymous hacker can do just as much damage as a USB drive left carelessly on a desk. It’s an environment where technology, training and policies must be consistently deployed, and work together, to ensure lock-down security.

Technology is shifting
With the number of devices and users rapidly increasing, manual network monitoring is no longer feasible. As noted by survey respondents, ‘top tier’ tools to prevent internal and external threats pertain to identity and access management, intrusion prevention and detection and security incident and event management (or log management) .

Each solution offers continuous and automatic network monitoring, removing most of the day-to-day burden from IT managers. The tools alert administrators of anomalies, including breaches, data leaks, suspicious activity and unauthorized users and devices. Problems accurately can be traced to individual users and devices, helping identify the root cause of potential insider threats. Most important, administrators can address any potential issues far more quickly than ever before.

Ideally, tools should be easy to install and configure so they can deliver immediate value to any IT organization without extensive customization by outside consultants. However, tools also need to be supported with proper procedures and trained professionals who understand the importance of security and maintaining constant vigilance.

Don’t forget to train humans, too
Reflecting the importance of agency-wide training, 53 percent of respondents said careless and untrained insiders are the largest threat at federal agencies, while 35 percent stated “lack of IT training” is a key barrier to insider threat detection. IT personnel should be trained on technology protocols and the latest government security initiatives and policies, and receive frequent and in-depth information on agency-specific initiatives that could impact or change how security is handled throughout the organization.

All employees should be aware of the dangers and costs of accidental misuse of agency information or rogue devices. Forty-seven percent of survey respondents stated employee or contractor computers were the most at-risk sources for data loss, with 42 percent granting that designation to removable storage devices such as USB drives or CDs. Human error is often far more dangerous than explicit intent.

Policies should be carefully targeted
When it comes to accidental or careless insider threats, 56 percent of survey respondents were somewhat confident in their security policies, while only 31 percent were “very confident.”

Agency security policies, combined with federal policies serve as a security blueprint and are therefore extremely important. These policies include the Defense Information System Agency’s Security Technical Implementation Guides and the National Institute of Standards and Technology’s Federal Information Security Management Act Overall, policies should plainly outline the agency’s overall security approach and include specific details such as authorized users and use of acceptable devices.

Alarmingly, “security holes begin at the top…[senior managers] expect that they are protected and they are above any security holes—to the effect [that] they insist on admin rights to network resources,” one respondent said. Authorization for administrative users should not be based on rank—access should be limited only to those who absolutely need to get to specific data. The list should be small and continually monitored and adjusted. IT administrators should also maintain a list of authorized devices allowed to touch the network. This device ‘white list’ is critically important, especially as more devices begin to proliferate on the network, and bring-your-own-device remains a security challenge.

“Security is a challenge, and the enemy is increasingly sophisticated,” a respondent said. More and more, the enemy attacks from all fronts—externally and internally. Federal IT managers clearly need to be prepared to combat the threat using their own three-pronged defense of technology, training and policies.

Source: Content originally published on AFCEA.org

“Our security holes begin at the top,” said a network manager at a federal agency. “Senior management expects “that they are protected and they are above any security holes – to that effect, they insist on admin rights to network resources. The administration supports this view and turns a ‘blind eye’ to the risk.”

In December 2014, Market Connections, a leading government market research provider, in conjunction with SolarWinds conducted its second annual blind survey of 200 IT and IT security decision makers in the federal government, military and intelligence communities to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them.

A key finding was that federal IT professionals identified careless and untrained insiders as the greatest source of cybersecurity threats – over malicious external sources such as hackers and terrorists – yet disparately reported that malicious external threat sources maintained priority for threat prevention investment.

View the infographic for data on top sources of security threats and most damaging breaches, top obstacles to threat prevention, concern versus investment in resources and top tools to prevent threats.

Cybersecurity in the federal goverment from SolarWinds

If only the real world were so exciting. In reality, the primary threat does not necessarily come from a well-meaning hacker with a modified Alienware computer, but from the person sitting at the next desk over.

According to a 2015 SolarWinds and Market Connections survey of federal IT professionals, insiders are starting to supplant external hackers and terrorists as the greatest cybersecurity threat. In that survey, more than half (53 percent) of respondents identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent last year.

Respondents pointed to several reasons insider threats have become ‘public enemy number one.’ The steadily growing volume of network activity is seen as a primary culprit, as more administrators are being asked to keep up with monumental increases in traffic. The growing use of personal devices is another factor, as is mounting pressure for IT pros to change network configurations quickly, rather than correctly. Combine these issues with simple human error—a misplaced USB drive here, an unattended laptop there—and lack of training, and one can understand how insider threats can loom so large.

Here are three strategies that can help address the growing issue of insider threats.

Continuously monitor the network

It can be difficult for IT pros to keep up with network activity and remain alert to everything that’s happening on these networks, but doing just that is very important. Solutions that continuously and automatically monitor networks for any anomalies can help. Their alerting capabilities help administrators keep tabs on potential breaches, data leaks, unauthorized users and overall suspicious activity, allowing them to respond and address problems immediately.

Examples of effective monitoring solutions include security information and event management (SIEM) and log and event management software. These solutions provide real-time feedback and alerts that give administrators information about any suspicious network activity. Administrators can use them to accurately track the root of a problem, right down to the individual user who may—inadvertently or not—be compromising the network.

Standardize network configurations

It’s no news that federal IT pros are pressed for time. But the comment by survey respondents about fast, versus accurate, network configuration is telling, and problematic. Networks that aren’t properly configured can open the doors for employees to make unauthorized and erroneous network changes.

Automating the network configuration process is a good option for time-strapped federal IT pros. Tools can be set up to perform scheduled network configuration backups, bulk change deployment for thousands of devices and more—and do so properly, yet with minimal input from the administrator. These tools not only ease the worry of insider threats but also catch configuration errors and automatically notify the administrator of any compliance issues.

Closely track user devices

Speaking of devices, employees continue to rely on their personal devices for work, which can create enormous risk. One lost smartphone or stolen laptop can result in a national security issue.

As a result, administrators should implement a strategy that will allow them to accurately and quickly track and monitor devices, switches and ports. Doing so will allow them to easily block unauthorized devices from accessing their networks. They should also create a ‘whitelist’ of authorized devices and set up alerts in case any device that’s not on that list attempts to ping the network.

Insider threats come in many forms. Some are completely intentional, and others are completely innocuous, but all can be extremely dangerous. And, unlike the hacker hero who saves the day in a TV show, none should be taken lightly.