A well-meaning employee who unintentionally exposes federal data is more of a cybersecurity concern than malicious actors for foreign government agencies, according to a March 5 survey by systems management company SolarWinds.
More than half of the 200 federal employees surveyed — about 56 percent — said that security-sloppy insiders posed the greatest security threat to their agency, closely followed by foreign governments at 52 percent.
“The risk posed by careless untrained insiders and foreign governments is at an all-time high, yet for the most part, IT pros feel like their agencies are doing good jobs with their IT security. In particular, they believe that government mandates and investments in training are paying dividends,” said Jim Hansen, vice president of products, security and cloud at SolarWinds.
That concern over an individual accidentally exposing sensitive information increased in the case of contractors. More than half of the survey respondents said contractors posed a greater security risk than regular employees, largely due to the potential for accidental data exposure and a lack of understanding about agency security policies.
In the last year, senior leaders at the Department of Defense and other federal agencies have emphasized contractor cybersecurity. The shift comes as China is believed to be targeting defense contractors, particularly those on the lower end of the supply chain, in an attempt to steal sensitive American secrets.
The survey cited an unnamed IT director at the Department of Defense who said “security guidance needs to be produced internally much faster — how to take external direction and policy and provide guidance to program managers, operators, and developers. Now the solutions are being implemented with a best guess and the guidance comes next, leading to either compliance failures or the need to redo everything.”
Despite these concerns, IT security respondents said they are making progress on addressing security concerns. About two-thirds of respondents said the ability to deal with insider threats has improved or remained under control, while 58 percent said the same of non-malicious insiders.
The IT professionals also said that security frameworks and mandates largely helped them improve their cybersecurity, whereas in the previous survey over half of respondents said they were more of a challenge than a help.
“The results of this year’s survey are encouraging, but there’s certainly more work to do,” said Mav Turner, vice president of product strategy at SolarWinds. “In particular, agency IT professionals must continue to identify ways to improve security around contractors and temporary workers, who comprise a large population of the federal workforce, and insider and foreign threats continue to loom. Overall, agencies appear to be on the right track, with the right tools and policies in place — a trend we hope will continue into next year.”