How to Stop Insider Threats at Your Agency
With headlines blaring questions about emails, servers and the like, there is no escaping that insider issues, including mistakes and mishaps, are of paramount concern. Our national security is at stake, making it imperative that federal IT managers keep their networks on lockdown – even from threats that come from within.

In fact, for the third year in a row, SolarWinds’ annual cybersecurity survey of federal IT managers listed “careless and untrained insiders” as a top cybersecurity threat, tying “foreign governments” this year at 48 percent. That’s pretty staggering when you stop to think about it. External threats may be more sensational — the sophisticated hackers who troll our networks phishing for a way in are often the headline-grabbers — but for many federal network administrators, the biggest threat may be sitting right next to them.

Cloud migration is making things even more challenging and is leading to even greater need for security measures and heightened worries over the potential mishandling of information. As our research has shown, rather than shift all resources to the cloud, many agencies are adopting hybrid IT strategies, where some data is hosted and the rest is kept on-premises, in order to maintain some control over their most sensitive data.

It’s imperative that agencies gain complete visibility into both off- and on-site applications and data. They need processes and tools that allow them to view network performance, traffic, and configuration details pertaining to all user devices, whether they are on-premises, in the cloud, or across hybrid environments. In other words, they’ll need clear insights into the darkened pathways that exist between on-premises and hosted locations to ensure that the data that’s passed between them remains secure and properly managed.

To combat internal threats in any IT environment, hybrid or otherwise, you should focus your attention on implementing a combination of tools, procedures, and good old-fashioned information sharing.

Our survey respondents identified tools pertaining to identity and access management, intrusion prevention and detection, and security information and log and event management software as “top tier” tools to prevent both internal and external threats. Each of these can help network administrators automatically identify potential problems and trace intrusions back to their source, whether that source is a foreign attacker or simply a careless employee who left an unattended USB drive on their desk.

Some 16 percent of the survey respondents cited “lack of end-user security training” as a significant cause of increased agency vulnerability. This should be a simple fix that all too many managers seem to put off, but with threats evolving, they need to place it right at the forefront of their security plans. IT personnel should be trained on technology protocols and the latest security initiatives. They should be made fully aware of the dangers, costs and threats posed by accidental misuse of agency information, mistakes and employee error. That information should trickle down to all agency employees, who must be acutely aware of the risks that carelessness can bring.

While a majority of agencies (55 percent) feel that they are just as vulnerable to attacks today as they were a year ago, the survey indicates that more feel they are less vulnerable (28 percent) than more vulnerable (16 percent), hence the need to make policies a focal point to prevent network risks. These policies can serve as blueprints that outline agencies’ overall approaches to security, but should also contain specific details regarding authorized users and the use of acceptable devices. That’s especially key in this new age of bring-your-own-anything.

Finally, remember that security starts with you and your IT colleagues. As you’re training others in your organization, take time to educate yourself. Read up on the latest trends and threats. Talk to your peers. Visit online forums. And see how experts and bloggers (like yours truly) are noting how the right combination of technology, training, and policies can effectively combat cybersecurity threats.

Joe Kim is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!).

One Comment

Dovell Bonnett

Technology, training and policies all are important and needed. But also look at the root cause — the management of those policies.

For example, I deal in the world of cybersecurity and password management. You can’t imagine how many times I hear or read another claim to “Kill Passwords.” Passwords are not going away for a very long time. Even Capt. Kirk in the 23rd century required a password before self-destructing the Enterprise.

In many cases employees have been placed into the de facto job title of Network Security Administrator. Think about it: who generates a password? The employee. Who has to remember the password? The employee. Who has to type in that password? The employee. And who manages all their passwords? The employee. These are all password management problems and not about the viability of password authentication.

Throwing more training, products and policies at the problem will only go so far. One also has to figure out what the larger goal is, and whether it is a management problem or an operational one.