This article originally appeared at The WHIR
Careless and untrained insiders are the biggest cybersecurity threat to federal agencies, outweighing threats by external sources including hackers, according to a report by SolarWinds on Monday.
This particular finding is consistent with a report SolarWinds released in March, in which 29 percent of respondents said insider data leakage and theft was a top cybersecurity threat to their agency.
The latest study, which SolarWinds conducted with government market research provider Market Connections, finds that 53 percent of federal IT professionals said “careless and untrained” insiders are the greatest source of IT security threats. This is up from 42 percent in March’s survey.
An even larger share (57 percent) believe breaches caused by insiders are as damaging as or more damaging than those caused by malicious outsiders.
A report earlier this month by the Cloud Security Alliance focused on the private sector found that 22 percent of organizations have a cloud security awareness training program, which can help with preventing insider threats. The public sector may consider this approach as at least a segment of a broader prevention and mitigation plan.
Bring-your-own-device is also part of the internal security concern for federal agencies. According to the report, top causes of accidental insider breaches include phishing attacks (49 percent), data copied to insecure devices (44 percent), accidental deletion or modification of critical data (41 percent) and use of prohibited personal devices.
Twenty-nine percent of federal IT pros surveyed said that budget constraints are the most significant obstacle to maintaining or improving IT security, down from 40 percent last year.
While 69 percent of respondents said that they had increased investment over the past two years to prevent external threats, only 46 percent did so for internal threats. Nine percent of respondents even said they decreased investment in insider threat prevention.
“Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT Pros absolutely must gain visibility into insider actions to keep their agencies protected. However, given the unpredictability of human behavior, the ‘Why?’ of those actions is an elusive query,” SolarWinds VP of product management Chris LaPoint said. “Fortunately, there are IT management solutions that can help identify Who is doing What, and even point to Where and When, empowering federal IT Pros to isolate the threats and address them before the agency’s security is in peril.”
While the study focuses on internal threats, external threats are not to be ignored.
Earlier this month, as part of the preview to the State of the Union Address, US President Barack Obama spoke about his intention to introduce new legislation that would make it easier to prosecute cybercriminals and facilitate the flow of information between the public and private sectors, something that the government has been trying to do for years.
In December, the US Department of Justice announced a dedicated cybersecurity unit, which will provide guidance to law enforcement as well as cooperate with private sector partners.
This article originally appeared at: http://www.thewhir.com/web-hosting-news/careless-untrained-insiders-biggest-cybersecurity-threats-federal-agencies-report