Insider Threat Scares DoD IT Pros

Friday, April 4, 2014 @ 04:04 PM gHale


Outside cyber attacks gain the most publicity, but internal incidents are just as worrisome, just ask the Defense Department (DoD).

What concerns DoD officials the most is careless or poorly trained insiders as a source of threats, one survey found, according to a survey by SolarWinds, an IT management software provider.

RELATED STORIES
Smart Grid; Vulnerable Grid
NIST Seeks Smart Grid Comments
Cyber Security Framework Released
NIST to Update Role-Based Security Training

In the survey, which addressed cyber security threats and preparedness across the federal government, 41 percent of DoD respondents named insider data leakage/theft as a threat, not far below the 48 percent who identified external hacking.

And although those responses may have come with the disclosures of Edward Snowden and Chelsea Manning in mind, it seems inept co-workers, rather than intentional leakers, are the biggest concern.

Fifty-three percent of DoD respondents cited careless/untrained insiders as a source of security threats, more than foreign governments (48 percent), terrorists (31 percent) or the general hacking community (35 percent). Malicious insiders were at 26 percent of respondents.

SolarWinds conducted the online survey earlier this year of 200 IT and IT security professionals in the federal government, 40 percent of whom worked in the military. The results showed similarities in the concerns of civilian and military agencies, as well as some notable differences.

Overall, the respondents were pretty confident in their IT defenses, with 94 percent rating their cyber security readiness as good or excellent (though more good, at 50 percent, than excellent, at 44 percent).

External hacking was the most common threat in the overall survey, with 50 percent of the respondents naming it, followed by malware (46 percent), social engineering (37 percent) and spam (36 percent), with similar results coming from civilian and Defense agencies.

Differences cropped up in a few areas, though. Only 21 percent of civilian respondents cited insider data leakage/theft as a threat, compared with DoD’s 41 percent. And twice as many civilian respondents (25 percent to 12 percent) named mobile device theft as a threat, perhaps reflecting the fact that DoD has to date eschewed the bring your own device trend. DoD respondents showed more concerned than their civilian counterparts about physical security attacks, 25 percent to 13 percent.

Click here to review the survey.



Leave a Reply

You must be logged in to post a comment.