By Christine Kern, contributing writer
According to a new study from MeriTalk, 45 percent of all federal agencies were targeted by insider threats, with 29 percent losing data to an insider incident over the past year. The report, Inside Job: The Federal Insider Threat Report, underwritten by Symantec, also found that although 76 percent of federal agencies are increasing attention on combating insider threats compared to a year ago, nearly half still suffered from an insider attack.
The challenge comes because, as agencies are entrusted with storing and managing a range of sensitive information, the potential channels for data loss are becoming more complex. That makes breaches perpetrated by insiders — whether malicious or unintentional — very real and growing problem.
The MeriTalk study surveyed 150 federal IT managers familiar with their organizations’ cybersecurity efforts to discern what agencies can do to better address this significant challenge and protect their systems and data.
Among the directed actions taken by agencies to minimize insider threats, respondents noted running mock attacks or other test scenarios (51 percent); annual online training (73 percent); in-person security training (31 percent); and routine updates of security protocol manuals for employee review (29 percent).
The biggest challenges come from employees: 51 percent of those surveyed reported that employees often fail to follow appropriate protocols, while 40 percent stated that unauthorized employees access government information they shouldn’t at least once a week. These actions place their agencies at significant risk.
The problem is not just what employees are doing. It also is reflected in what agencies do not know. For example, 45 percent cannot tell when a document has been inappropriately shared; 42 percent cannot tell how a document was shared; and 34 percent cannot detect what data has been lost.
So what’s the answer? Creating a formal insider threat program, with annual in-person security training; real-time alerts for inappropriate access/sharing and data loss; agency-wide security technologies; and government-wide initiatives to support the effort.
Seventy-seven percent of Federal IT managers stated that the Presidential Cross-Agency Priority (CAP) goals would aid efforts to combat insider threats. They also believe that Information Security Continuous Monitoring (86 percent), Continuous Diagnostics and Mitigation (82 percent), and Defense Department Directive 5205 (82 percent) will be valuable to strengthen threat prevention.
“There’s no shortage of news stories underscoring the risks of government data breaches, particularly those perpetrated by insiders, whether malicious or unintentional. Agencies must take a holistic approach when implementing formal insider threat programs to battle this risk head-on,” states Rob Potter, vice president, public sector, Symantec. “Investments in the right technology, as well as employee training and education, are critical.”