Critical Read

After Snowden, what's changed (and what hasn't)


What: An independent survey of more than 100 U.S. defense contractors, composed of IT and security administrators with top-tier access to confidential, secret or top-secret information. The survey was commissioned by ThreatTrack Security, a Florida-based firm that specializes in helping organizations identify and stop advanced persistent threats (APTs) and targeted cyberattacks. The study was conducted by Opinion Matters, a market research company.

Why: The survey was done to ascertain what impact the disclosures by former National Security Agency contractor Edward Snowden have had on high-ranking IT officials employed by defense contractors.

The survey sheds light on how disruptive Snowden’s disclosures have been. Seventy-five percent of respondents said their companies’ cybersecurity practices were altered in at least one of the following ways:

  • 55 percent say their employees now receive more cybersecurity awareness training
  • 52 percent have reviewed or re-evaluated employee data access privileges
  • 47 percent are on higher alert for anomalous network activity by employees
  • 41 percent have implemented stricter hiring practices
  • 39 percent say their own IT administrative rights have been restricted

Several of the survey’s findings are particularly enlightening. Among them, 27 percent of respondents did not hold proper clearances to view secret, top-secret or confidential information yet were able to view that information anyway. That stat draws parallels to Snowden, a systems administrator who was able to access information that should have been outside his clearance to see.

However, 88 percent of respondents expressed a "high level of confidence" in government guidance regarding the protection of sensitive data. Despite that confidence, 62 percent still reported that they were concerned with their companies’ vulnerabilities to APTs, targeted malware attacks and sophisticated cybercrime and cyber-espionage tactics.

Respondents were particularly troubled by malware, citing high-volume and sophisticated malware attacks as major threats to defend against. Defense contractor IT managers revealed that a device used by members of their senior leadership team had become infected with malware due to executives:

  • Visiting a pornographic website (13 percent) – compared with 40 percent in other enterprises.
  • Clicking on a malicious link in a phishing email (40 percent) – compared with 56 percent in other enterprises.
  • Allowing a family member to use a company-owned device (14 percent) – compared with 45 percent in other enterprises.

Verbatim: "[Forty-four] percent of respondents said they have access to networks and databases that store confidential information. Of those, 27.3 percent have no security clearance at all, which raises a red flag. This means that like Snowden, they may have broad IT administrative privileges but without the proper security clearance. Regardless of what security clearances you have, access to privileged information ultimately may be the greatest risk for defense contractors looking to avoid another Snowden-like event. Further review of IT access privileges, therefore, may be in order."

About the Author

Frank Konkel is a former staff writer for FCW.
