Insiders at US federal agencies pose nearly as much threat to agency information security as hackers, according to a survey released on Wednesday by IT software management company SolarWinds.
SolarWinds worked with Market Connections to survey 200 IT and IT security professionals from the federal government and military in early 2014, and their answers suggest that the threat landscape is much broader than just malicious outsiders.
Half of respondents named external hacking as the top cybersecurity threat for their organization, with 29 percent pointing to insider data leakage and theft. Nine percent were unsure if any cyber threats affected their agency.
Breaches were blamed on hackers in 47 percent of cases, but on “careless and untrained insiders” in 42 percent.
“Despite the many rules and system lockdowns in place in federal IT organizations, people are by nature uncontrollable and therefore are absolutely the greatest risks to IT security,” Chris LaPoint, VP Product Management, SolarWinds said. “While federal IT Pros can’t change these human behaviors, they can take control of their IT infrastructures by implementing continuous monitoring of networks, servers and applications and finding the right technologies to quickly mitigate threats.”
Significant differences were found between the responses of defense and civilian agencies. Careless or untrained insiders were named as a threat by 18 percent more respondents from defense, while malicious insiders are considered a threat by 16 percent more. In contrast, the general hacking community is considered a threat by 20 percent less of defense IT pros (35 to 55 percent).
Budget constraints were cited as the top obstacle to maintaining or improving cybersecurity by 40 percent, with competing priorities (19 percent) and complex internal environments (14 percent) also pointed to.
Shockingly, in light of the lessons of 9/11, “turf battles” were named by 42 percent as hindrances to implementing the appropriate IT security tools.
Two-thirds of those surveyed employ at least one continuous monitoring solution, and their investment is seen as effective, but clearly significant opportunities remain for IT security companies to increase their customer base among federal agencies.
The growth of the federal cybersecurity market recently prompted Maryland to explore tax credits to entice firms serving this need to create jobs in the state.