Survey Finds Insider Threat as Biggest Concern

A survey released today by IT management software firm SolarWinds finds that Federal IT professionals view unintentional insider threat as the most significant source of security threats.

The survey, which reached 200 Federal professionals, found that careless and untrained insiders were cited by 56 percent of respondents as one of the greatest sources of security threats, followed by foreign governments at 52 percent and general hacking at 48 percent. SolarWinds notes that the concern over these top threats has risen in the past year, compared to the company’s 2017 survey.

“The risk posed by careless untrained insiders and foreign governments is at an all-time high, yet for the most part, IT pros feel like their agencies are doing good jobs with their IT security. In particular, they believe that government mandates and investments in training are paying dividends,” said Jim Hansen, vice presidents of products, security, and cloud at SolarWinds.

Join MeriTalk for an engaging half-day discussion on priority cloud computing issues and trends Read more
The survey also finds that 51 percent see greater IT security risks with contractors, mostly due to accidental data exposure and a lack of understanding of IT security policies and procedures. Among the biggest impediments to improving security across the Federal government are budget constraints (25 percent), the complexity of the internal environment (21 percent), and competing priorities (17 percent).

Among the other findings, the Framework for Improving Critical Infrastructure Cybersecurity from the National Institute of Standards and Technology (NIST) won praise as the most helpful policy in helping agencies manage risk, with 60 percent seeing it as helpful compared to 20 percent who saw it as a challenge. It was followed closely by FISMA standards, which 55 percent of respondents saw as helpful, and 26 percent saw as a challenge.

The survey also included comments from IT pros, who expressed their frustrations on security policies.

“Interest in IT security occurs only after an incident. Then after the dust settles (investigations, reviews, numerous warning and alert memos), it’s back to the same business as usual. No true concrete steps are taken, in my opinion,” said one executive at the Bureau of Alcohol, Tobacco, and Firearms.

Recent