This article is an excerpt from GovLoop’s recent guide, “Understanding the Dangers to Your Cybersecurity.”
Agencies at every level are facing a growing number of diverse cyberthreats. According to SolarWinds’ 2019 Federal Cybersecurity Survey, 56 percent of federal government IT leaders consider careless or untrained insiders the most significant threat to their organizations. Fifty-two percent, meanwhile, said that foreign governments are the primary menace to their agencies.
To learn how agencies can best defend themselves against cyberthreats, GovLoop sat down with Mav Turner, VP of Product Strategy at SolarWinds. SolarWinds works with DLT, a government solutions aggregator, to offer IT management and monitoring solutions for government networks, applications, cybersecurity and more.
“The foreign government risk has continued to rise substantially over the five years since SolarWinds began conducting this survey,” Turner said. “Insiders continue to be a threat from a malicious perspective, but they’re also something foreign governments can leverage to have a successful attack.”
Foreign governments target American agencies for reasons including economic and military competition. An insider threat, meanwhile, is anyone with access to an organization’s internal assets.
Turner said that insider threats are especially hard to predict as they can be permanent employees, contractors or temporary employees. Insider threats can also act accidentally or intentionally, making them even more confusing.
“To minimize the risk from insider threats, ensure that employees can only access systems within the scope of their responsibilities,” he said.
The survey wasn’t all doom and gloom. In fact, respondents noted three areas that are helping them better manage their cybersecurity risks: government mandates, employee training programs and IT security tools.
Turner noted that cybersecurity mandates – such as the Federal Information Security Management Act (FISMA) – help agencies improve their security posture by providing practical best practices and allowing agencies to prioritize how to have the biggest impact on their mission.
Training was another area that respondents noted. “Training isn’t just one-time employee onboarding training,” Turner said. “It’s also quarterly and annual trainings that are tailored to specific job roles and educate employees on how to identify and respond to a variety of attacks.”
The final area that helped respondents detect and prevent attacks was IT security tools. Turner recommends that agencies combine patch management, security information and event management (SIEM) and access rights management tools to ward off cyberthreats. Patch management tools ensure that agencies can address software vulnerabilities without spending a lot of time applying and tracking patches manually. Access rights management, meanwhile, monitors user access permissions and access rights to files and systems to prevent data loss and security breaches. SIEM tools, finally, make it easier to use event logs to detect suspicious activity and demonstrate mandate compliance.
“The key thing is knowing what data you are collecting, who has access to it and ensuring it’s secure,” Turner said. “SolarWinds brings these tools together so you have a holistic view of your security posture and can quickly detect and respond to threats.”