External hacking is the top cybersecurity threat plaguing federal agencies, according to a new poll of over 200 IT security professionals conducted by SolarWinds, an IT management software firm.
Chris LaPoint is Vice President of Product Management at SolarWinds. He told Chris Dorobek on the DorobekINSIDER program that people are usually the weak link when it comes to cybersecurity.
“External hacking is really the top cybersecurity threat plaguing federal agencies,” said LaPoint.
But, said LaPoint, agency insiders can be nearly as damaging as external attackers, and should be a top concern for agencies as well.
While 47 percent of respondents said the general hacking community is first to blame for cybersecurity breaches, careless and untrained insiders are a close second (42 percent in the poll), indicating that insiders may inadvertently pose nearly as many risks as deliberate, malicious hackers.
Additionally, 53 percent of poll respondents named careless and untrained insiders their top security threat sources — more so than foreign governments (48 percent) and terrorists (31 percent). Another 26 percent said malicious insiders endanger their own agencies.
“People are people, right? Whether they’re trained and really understand what it means to treat sensitive information in an appropriate way, or whether they just don’t know, and they inadvertently expose sensitive information to people that they shouldn’t — I think that’s the biggest challenge,” said LaPoint.
Maintaining federal cybersecurity also comes with a whole host of other challenges than external and internal threats, LaPoint explained.
Budget constraints are the single most significant obstacle to maintaining or improving IT security, said 40 percent of respondents. Other obstacles represent internal organizational challenges like competing priorities (19 percent) and complex internal environments (14 percent).
Hindrances to implementing the appropriate IT security tools include lack of budget (63 percent) and organizational issues or “turf battles” (42 percent), as well as cost concerns for maintenance, upgrades and training.
Part of the challenge now that government is laying mobile over the older cybersecurity issues is that all of a sudden data can literally be in your hand. The risks of a breach go way up.
“Whether it be bring your own device for the organizations and agencies that allow it, or whether it just be rogue devices that are showing up on agency networks, I think that is definitely a huge security issue,” said LaPoint.
But LaPoint emphasized that people are what agencies have to focus on when it comes to cybersecurity threats.
“My biggest takeaway is the notion that people are the biggest cybersecurity threat, especially insiders,” said LaPoint. “The next step is: how can you combine initiatives, working with the IT Operations team, to figure out how you leverage data you already have?”