In the 1979 horror film “When a Stranger Calls,” there’s a famous scene where the main character, a babysitter who’s been receiving threatening phone calls, is told by the police that they’ve been able to trace the calls. It turns out they’re coming from inside the house! The dangers came from within!
Federal IT professionals know the horror of insider threats extremely well. In fact, according to respondents participating in the SolarWinds 2017 Federal Cybersecurity Survey, most agency IT and security managers agree that the most potent threats lurking around the corner come not from hackers or foreign governments, but from careless, untrained, or malicious insiders.
When asked, “What are your top sources of security threats?” a whopping 54 percent of respondents listed careless or untrained insiders as their top choice, with 40 percent calling out “malicious insiders.” Both are up from 2016, from 48 percent and 22 percent, respectively. Indeed, since 2014, respondents indicated significant increases in threats from both categories.
In a world focused on hackers, this may seem surprising, but federal IT professionals know better. As one survey respondent said, “Despite all the outside threats, our worst security problems come from insider issues; some of it malfeasance, some of it ignorance, some of it laziness.”
For a number of reasons, agency IT professionals must proactively fortify their networks every day against their own employees. Their colleagues may be unwittingly sharing ransomware or malware, which are growing at an impressive rate (50 percent of respondents to our survey indicated that malware continues increasing at their agencies). They may be using personal, unauthorized, or “rogue” devices, exposing networks to potential hackers. Some may even lose or leave these devices behind; 22 percent of respondents noted an increase in device theft over last year. Some may simply be opening emails and falling prey to phishing scams.
Even more worrisome, some employees may be actively seeking to access proprietary information for nefarious purposes. A large number of respondents listed “inappropriate internet access by insiders,” “unauthorized configuration changes,” and “misuse and abuse of credentials” as ongoing concerns. Any of these could indicate that someone inside the agency intends to do harm.
IT professionals continue to turn to monitoring and reporting tools to effectively combat these threats, and they are using a variety of solutions for this purpose.
Survey respondents listed smart cards and common access cards, identity and access management tools, endpoint security software, and security information and event management software, among others, as the most effective risk management tools.
These solutions have helped improve security on both macro and micro levels. Overall, federal IT professionals feel that their agencies are more proactive regarding security than they were five years ago, with 26 percent of respondents “strongly agreeing” and 48 percent “somewhat agreeing” with that statement. On a day-to-day basis, modern security tools have improved automated protection and remediation response times. Respondents feel that their security responsiveness is “more robust” in detecting rogue devices on their networks (62 percent), distributed denial-of-service attacks (52 percent), inappropriate internet access by agency insiders (49 percent), and unauthorized configuration changes (45 percent).
Insider threats will remain a challenge (that can be managed)
Given the increasingly contentious state of affairs, there is no indication that any of these numbers will go down anytime soon. The recent arrest of a U.S. State Department employee with top secret clearance who was caught receiving thousands of dollars in gifts and benefits from Chinese intelligence agents is just the latest example of the growing problem.
As our survey suggests, however, agencies that invest in the right tools and processes can build formidable security postures to help curb the specter of insider threats. Sixty-five percent of respondents noted that modern tools feature stronger built-in security features, while 31 percent said that newer technologies contain smaller attack surfaces. Add all of it up and one finds that while insider threats will always be scary, there are certainly ways to manage them so they are less frightening.
Joe Kim is executive vice president for engineering and the chief technology officer at SolarWinds, an IT monitoring and management company.