Accidental and On-Purpose Insider Threats in Federal Agencies Still Raging
September 28, 2015
The article on Eweek titled Insider Threats a Major Security Issue for Federal Agencies looks at the recent results of a MeriTalk survey investigating federal response to insider threats through interviewing federal IT managers. The results are shocking, with almost 30% of agencies acknowledging data lost to an insider threat in the last year and half of respondents claiming that unauthorized personnel commonly fail to observe protocols. Even worse, most agencies have no tracking in place to recognize what a staffer may have seen or shared, making them virtually incapable of following up on risky behavior in their employees. The article says,
“The most startling finding from the survey is the fact that 45 percent of agencies say they’ve been a target of an attack – malicious or unintentional – yet 50 percent still say employees do not follow all the protocols in place,” Steve O’Keeffe, founder of MeriTalk…”There is also a lack of agreement on the best solution. Frequent, hands-on employee training is the key to preventing these incidents, as well as accountability. However, we are all human and people make mistakes.”
O’Keefe recommends the immediate and comprehensive adoption of better encryption and two-factor authentication to address the issue. But perhaps equally important is continuously updated training, and ongoing training, to avoid the common accidental insider threats.
Chelsea Kerwin, September 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph