Careless/Untrained Insiders are Biggest Threat

Sources of Security Threats

(NextGov) Rank-and-file federal employees and contractors unwilling to “embrace ‘The Suck’ of security” may be the biggest threat posed to securing federal agency networks.

“Accidental or careless” insiders — employees who click on dubious email attachments, plug in unsecured storage devices or leave laptops unsecured, among other lapses in basic cyber hygiene — unwittingly open the door to hackers and other malicious actors.

In a new survey conducted by SolarWinds and Market Connections, 53 percent of IT decision-makers cited these unwitting insider threats as the biggest source of security threats they face. That’s up from the 42 percent who said so in a similar survey last year and higher than any other category of threat. . . .

. . .  About 64 percent of survey respondents said they view insider threats as just as damaging, if not more so, than malicious outsiders. Just considering insider threats, 57 percent of respondents said they considered accidental breaches caused by insiders to be at least as damaging as those caused by malicious insiders.

So what exactly are these inadvertent insider threats doing that puts their workplaces at risk?

About half of survey respondents cited phishing attacks as the top cause of accidental insider breaches. Another 44 percent cited data copied to insecure devices, while 37 percent pointed to employees using personal devices in contravention of their agency’s IT policies and poor password management.

“Interestingly, we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems,” a respondent identified as a director of operations at the Defense Contract Management Agency is quoted as saying in the report accompanying the survey results. . . .
