October is National Cybersecurity Awareness Month, and it’s a great time to evaluate potential threats and solutions. SolarWinds recently commissioned Market Connections to find out where the biggest potential threats are. And according to the survey results, the greatest threats come from within.
The majority of the 200 survey respondents said they believe malicious insider threats are just as damaging as external threats. Further, one-third of respondents said they believe accidental misuse by insiders can be as dangerous as those who harbor malicious intent. Why are insiders such a threat? In the Washington Post, SolarWinds offered several reasons:
With the number of devices and users rapidly increasing, manual network monitoring is no longer feasible. Top-tier tools to prevent internal and external threats pertain to identity and access management, intrusion prevention and detection, and security incident and event management (or log management).
Lack of training
More than half (53 percent) of respondents said careless and untrained insiders are the largest threat at federal agencies, while 35 percent stated lack of IT training is a key barrier to insider threat detection. Training personnel on the dangers and costs of accidental misuse of agency information, as well as technology protocols and the latest government security initiatives and policies, goes a long way toward raising awareness and reducing threats.
Agency security policies, combined with federal policies — such as the Defense Information System Agency’s Security Technical Implementation Guides and the National Institute of Standards and Technology’s Federal Information Security Management Act — serve as a security blueprint. These policies should plainly outline the agency’s overall security approach and include specific details such as authorized users and use of acceptable devices.
Federal IT managers clearly need to be prepared to combat the threat using their own three-pronged defense of technology, training and policies.
To learn more, view the report.