Accidental breach is top cyber threat concern
- By Mark Rockwell
- Jan 28, 2015
What: "SolarWinds Federal Cybersecurity Survey 2015"
Why: Don't discount bumbling when it comes to federal agency cybersecurity breaches, says a new survey of government IT managers.
A study by software management provider SolarWinds found that careless and untrained federal users are the greatest source of cybersecurity threats, topping hackers and terrorists.
In a blind survey in December, SolarWinds and Market Connections asked 200 IT managers at federal, military and intelligence agencies about their biggest cybersecurity concerns, obstacles to threat prevention and where they were investing their security budgets.
The survey found that insider threats were the most prevalent and damaging to federal agencies. More than half of those questioned, 53 percent, said careless and untrained insiders were their biggest cybersecurity headache, up from 42 percent in a study from a year ago.
Forty nine percent of the federal IT professionals polled said the top cause of accidental insider breaches was phishing attacks, followed by data copied to insecure devices at 44 percent, accidental deletion or modification of critical data at 41 percent, and use of prohibited personal devices at 37 percent.
Respondents said focused, intentional insider attacks were a great concern. The study said almost two thirds, 64 percent, of the federal IT professionals polled said intentional malicious insider attacks were as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments. Almost 60 percent, however, said breaches caused by accidental or careless insiders could be as damaging as or more damaging than those caused by malicious insiders.
Despite the insider threats, some agencies continue to give priority to preventing external malicious threat sources. The survey found that, although 69 percent of agencies increased spending over the past two years to address malicious external threats, only 46 percent did so for malicious insider threats, and only 44 percent did so for accidental insider threats. Nine percent of agencies even decreased their investment to prevent insider threats.
Verbatim: "The increased use of mobile technology is noted as the top obstacle for preventing threats, although there are multiple significant differences seen among the different types of threats."
Full report: Read the report here.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.