Insiders remain a significant threat to Federal agencies.
A recent report, “Inside Job: The Federal Insider Threat Report,” illustrates the ongoing danger Federal agencies face from insider threats and the work agencies need to do to protect data.
In the past year, 45 percent of Federal IT managers say their agency has been a target of an insider threat, according to the report, and 29 percent of agencies suffered a loss of data because of an insider threat during the same time period.
“The number that scares me is the 29 percent,” said Rob Potter, vice president of public sector and healthcare for Symantec, which sponsored the report.
The other finding in the report that should raise alarm, Potter said, is that 34 percent of agencies can’t tell what data they lost.
The survey of 150 Federal IT managers also found that:
- 45 percent of agencies can’t tell whether a document has been shared appropriately.
- 40 percent of Federal IT managers say unauthorized employees access information they shouldn’t at least weekly.
- 40 percent use endpoint encryption agency-wide.
- 39 percent offer employees annual, in-person security training.
Are agencies doing enough to protect data? It doesn’t look like it, Potter said.
“The data still has to have policy and enforcement around it,” he said. ”We need to look at putting controls around data.”
Today, agencies appear to be more focused on network security, Potter said. That’s likely due to cybersecurity breaches like the historic Office of Personnel Management (OPM) theft and the pressing need to keep hackers out. Hackers stole the personnel records of 4.2 million people on December 15, 2014. Separately, an estimated 21.5 million current and former Federal employees also had personal data stolen.
After the OPM breach, Federal CIO Tony Scott ordered agencies to engage in a 30-day “Cybersecurity Sprint” to boost security. Potter said at least one element of the Scott’s mandate to improve cybersecurity overall could also improve data security – better access controls through stronger authentication. The use of two-factor authentication across all agencies increased as a result of the sprint, improving from 42 percent of users to 72 percent.
“For those agencies not using two-factor authentication before, the sprint helped,” Potter said. “But I’m not sure it’s completely solved.”
Download “Inside Job: The Federal Insider Threat Report” to examine:
- The most common insider threats agencies face today
- Strengths and weaknesses of insider threat programs
- How agencies can reduce the risks and consequences of insider threats