U.S. federal IT managers have woken up to how vulnerable their systems are to insider threats: More than three-quarters of those surveyed recently said their agencies are more focused on the issue than they were a year ago.
20 Million Lose Sensitive Data to Sloppy Practices
The massive leaks connected to Edward Snowden and Chelsea Manning are just part of the U.S. government’s Internet security problems.
Many have argued that the worst government hack of all time was a data breach at the Office of Personnel Management that was revealed in June 2015 and included sensitive background-check information from more than 20 million people.
Chinese cyberspies are suspected of stealing the data, which was vulnerable because OPM failed to implement basic cybersecurity measures, according to the agency’s internal watchdog.
Many Breaches, Many Unintentional
A survey of 150 federal IT managers released in September 2015 by the public-private partnership MeriTalk found that 29 percent said their agencies lost data to an insider incident in just the previous 12 months. Nearly 40 percent of those breaches were caused unintentionally by employees.
Managers are well aware of problems in how their agencies’ systems are used:
- Nearly two-thirds say employees and contractors email government documents to personal accounts
- About half say those workers commonly fail to follow protocols
- 40 percent say employees commonly access information they are not authorized to view.
Formal Programs Produce Results
There is no consensus on the most important way to prevent insider threats in federal systems, but here’s an overview:
- 40 percent of managers said security technology is the linchpin
- Another 40 percent said end-user education and training was most important
- The remaining 20 percent said access needs to be better controlled and tracked.
The survey found that the 55 percent of agencies that have a formal insider training program in place are much more likely to employ many methods to keep government data safe, including:
- Annual in-person security training
- Phishing exercises
- Real-time alerts for inappropriate access, inappropriate sharing and data loss
- Access management solutions
- Endpoint encryption
- Anomaly detection
What do you think about the rise in internal threats? Has your business or place of employment been affected? Let us know in the comments section below!