Ed Survey Results: Insider Threats

Careless and Untrained Insiders Identified as Top Source of Security Threats to Federal Agencies, but Concern and Investment Still Focused on Malicious External Threat Sources

January 28, 2015

7 Min Read

PRESS RELEASE

HERNDON, VA--(Marketwired - Jan 26, 2015) - SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT performance management software, today announced the results of its cybersecurity survey, in which federal IT Professionals exposed a need for internal cybersecurity threat prevention. Respondents identified careless and untrained insiders as their greatest source of cybersecurity threats -- over malicious external sources such as hackers and terrorists -- yet disparately reported that malicious external threat sources maintained priority for threat prevention investment.

In December 2014, Market Connections, a leading government market research provider, in conjunction with SolarWinds conducted its second annual blind survey* of 200 IT and IT security decision makers in the federal government, military and intelligence
communities in an effort to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them. Respondents weighed in on top cybersecurity threat sources, obstacles to threat prevention, necessary tools for threat prevention, and their concerns, investment and policies regarding cybersecurity.

Insider threats now most prevalent and damaging to government agencies
More than half (53%) of federal IT Pros identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent last year.
Nearly two-thirds (64%) believe malicious insider threats to be as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments. Further, 57 percent believe breaches caused by accidental or careless insiders to be as damaging as or more damaging than those caused by malicious insiders.

Nearly half of respondents said government data is most at risk of breach from employees' or contractors' desktops or laptops. Top causes of accidental insider breaches include phishing attacks (49%), data copied to insecure devices (44%), accidental deletion or modification of critical data (41%) and use of prohibited personal devices (37%).

Investment in insider threat prevention falls short
While 29 percent of federal IT Pros said budget constraints are the single most significant obstacle to maintaining or improving IT security, this figure is down from 40 percent last year, yet investment is still not increasing for insider threat prevention.

Although most agencies increased investment over the past two years to address malicious external threats (69%), less than half did so for malicious insider threats (46%) or accidental insider threats (44%). In fact, some said investment decreased for insider threats (9%).

Insider threat detection difficulties also include a high volume of network activity (40%), lack of IT staff training (35%), growing use of cloud services (35%), pressure to change IT configurations quickly more so than securely (34%), use of mobile devices (30%), cost of sophisticated tools (27%), and growing adoption of BYOD (27%).

Although 85 percent of federal IT Pros said they have formal IT security policies, 46 percent noted insufficient security training for employees as an obstacle to threat prevention.

"Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT Pros absolutely must gain visibility into insider actions to keep their agencies protected. However, given the unpredictability of human behavior, the 'Why?' of those actions is an elusive query," said Chris LaPoint, group vice president of product management, SolarWinds. "Fortunately, there are IT management solutions that can help identify Who is doing What, and even point to Where and When, empowering federal IT Pros to isolate the threats and address them before the agency's security is in peril."

Solution: Identify and thwart malicious insider activity
By monitoring connections and devices on the network, and by maintaining logs and data of user activity, IT Pros can assess WHERE on the network certain activity took place, WHEN it occurred, WHAT assets were on the network and WHO was logged into those assets.

WHAT is (and was) on the network? Solutions that monitor network performance for anomalies, track devices, offer network configuration and change management, manage IT assets, and monitor IP addresses keep federal IT Pros aware of the objects and traffic on their networks.

User device tracking software, IP address management, security information and event management (SIEM), and log and event management software can point to WHO and WHAT are responsible for certain activity on the network and accelerate the identification and termination of suspicious activity.

Additionally, after internal security training, respondents identified the top types of tools to prevent accidental insider threats as identity and access management (39%), internal threat detection and intelligence (36%), intrusion detection and prevention (32%), SIEM or log management (31%), and Network Admission Control (31%).

Supporting quotes:
"Pointing to hackers, terrorists or foreign governments as the top threats to our government's security seems obvious, especially given the hype that surrounds huge corporate hacks and acts of terrorism. Even intentional insider security breaches such as Edward Snowden's raise valid concerns and demand prevention investment. But who could imagine that their own colleagues could accidentally cause security breaches with comparable impact to those executed with malicious intent? Still, data loss can easily become data stolen, and agencies that ignore these accidental insider threats may well be doing so to their own detriment."
- Chris LaPoint, Group Vice President of Product Management, SolarWinds
"Interestingly we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems. People do what they want to do and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols."
- Director of Operations, DCMA
"Our security holes begin at the top. [Senior management expects] that they are protected and they are above any security holes -- to the effect, they insist on admin rights to network resources. The administration supports this view and turn a 'blind eye' to the risk."
- Network Manager, Federal Agency
"SolarWinds' survey delves into the sources and types of threats posing critical cybersecurity challenges to federal IT agencies and whether or how agencies are reacting. Federal IT Professionals can benefit from this research by shifting their perspectives on monitoring their IT infrastructures to ensure they can identify internal and external threat sources and secure the appropriate resources to mitigate them quickly."
- Laurie Morrow, Director of Research Services, Market Connections, Inc.

SolarWinds Solutions for Government
SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, Department of Defense ESI, and other contract vehicles.
U.S. Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS; and Technical Requirements include FIPS compatibility, DISA STIGs, National Institute of Standards and Technology (NIST) compliance and Common Criteria EAL 2 Certification, Section 508 VPATs.


SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of all major auditing authorities, including DISA STIG, FISMA, NIST, and more.
SolarWinds' thwack® online user community provides a number of out-of-the-box compliance report templates available to download for free that are designed to help users prepare for an inspection. thwack also provides information on Smart Card and Common Access Card (CAC) product support.


For more product and GSA pricing information and for a fully functional free trial of all above products, visit the SolarWinds Government Solutions page.
Additional Resources:
Whiteboard Blog: Investigating Threats to Federal Cybersecurity - Where to Look and What to Do about Them
Survey Slideshare: SolarWinds Federal Cybersecurity Survey 2015
Video: SolarWinds IT Management & Monitoring for Government
*In December 2014, Market Connections surveyed 200 IT security professionals in federal government and military service in conjunction with SolarWinds. Full survey results are available upon request.

About SolarWinds
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500 enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our thwack online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.
SolarWinds, SolarWinds & Design, Mobile Admin, Kiwi CatTools, Kiwi Syslog, DameWare, Web Help Desk and thwack are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other company and product names mentioned are used only for identification purposes and may be or are intellectual property of their respective companies.
© 2015 SolarWinds Worldwide, LLC. All rights reserved..

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights