04:20 PM
James Bindseil
James Bindseil
Connect Directly

Think Hackers Are IT's Biggest Threat? Guess Again

More than one third of all data security breaches at government agencies are caused accidentally by internal employees.

Making matters more difficult is that many federal organizations can now be held liable for breaches occurring with partners. Healthcare, for instance, is currently adapting to the new HIPAA amendment that can hold business associates responsible for data breaches. The new regulations can cost violators up to $1.5 million per record.

Anticipating an employee-caused data breach can be incredibly difficult. However, there are several areas in which agencies can improve:

Assess the risk. Discovering and prioritizing possible vulnerabilities in the storage and transferring of sensitive data is a critical first step. To start, ask four questions about your agency:

-- How do your employees typically send and receive confidential files?

-- What's your agency's common practice for accessing mobile information?

-- If the agency has experienced previous incidents, what were the causes?

-- Do you have well-documented policies in place that teach staff which file transfer methods are okay, and which are risky?

Regularly review regulatory compliance requirements. The Federal Information Security Management Act (FISMA) requires agency officials to audit data security initiatives and report results annually. However, at the rate that technology evolves, IT should regularly determine the status of agency compliance, particularly if employees' routine actions meet regulatory requirements.

Secure and manage data in motion. Data that is being transferred from one source to another has a particularly high risk of being lost, stolen, or otherwise compromised -- especially in the case of internal breaches and the potential for human error. IT must implement systems that can effectively secure and manage data in motion. Transparency is also important. You need visibility into what was sent, how it was sent, to whom it was sent, and who accessed it.

Educate agency employees. Inside jobs with malicious intent do occur, but in reality many incidents are the result of accidents. Mitigate the risk at the source by educating agency employees on compliance issues and poor data-handling practices, such as third-party storage, insecure email and unapproved devices.

Tightening the security perimeter will always be a top priority for federal IT professionals. But as agencies invest to keep the bad guys out, it's equally important to consider the people who are already in.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Chuck Brooks
Chuck Brooks,
User Rank: Apprentice
11/8/2013 | 9:31:03 PM
re: Think Hackers Are IT's Biggest Threat? Guess Again
James is on point, cybersecurity risks are often teh result of internal breaches. The best way to address this is to have Informed risk management for employees on security protocols and processes to provide basic security awareness/identify threats.

User Rank: Apprentice
10/31/2013 | 3:28:51 AM
re: Think Hackers Are IT's Biggest Threat? Guess Again
While certainly a "culture of security" can help address the threat, poorly architected systems also pose a risk. I'm not saying cloud computing or Big Data or any other technology is to blame, but a lack of planning leads to a lack of security. Blaming employees is too easy.
Ulf Mattsson
Ulf Mattsson,
User Rank: Moderator
10/30/2013 | 9:31:33 PM
re: Think Hackers Are IT's Biggest Threat? Guess Again
I agree that "Secure and manage data in motion" and "Tightening the security perimeter will always be a top priority for federal IT professionals", but I think that the perimeter is gone and that the most attractive target is data in large databases.

I think that the flow of sensitive data across different systems and databases should be protected. I recently read an interesting study from Aberdeen Group about security-related incidents. The study revealed that GǣOver the last 12 months, tokenization users had 50% fewer security-related incidents(e.g., unauthorized access, data loss or data exposure than tokenization non-usersGǥ. The name of the study is GǣTokenization Gets TractionGǥ.

I also think that security teams need to look at if data access patterns are normal for users that are accessing sensitive data. Tools can help to determine if the pattern is normal, is this what the typical employee does as part of their work, or is this behavior out of the ordinary.

Ulf Mattsson, CTO Protegrity
D. Henschen
D. Henschen,
User Rank: Apprentice
10/30/2013 | 6:38:01 PM
re: Think Hackers Are IT's Biggest Threat? Guess Again
This article has a government spin, but it's also very applicable to the private sector. Pay close heed to the practical advice on page two on curbing unintended data breaches unwittingly instigated by internal employees.
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.