A survey of federal IT managers shows that while insiders pose a bigger danger, cybersecurity funding is targeted at exterior threats.
What: "SolarWinds Federal Cybersecurity Survey 2015"
Why: Don't discount bumbling when it comes to federal agency cybersecurity breaches, says a new survey of government IT managers.
A study by software management provider SolarWinds found that careless and untrained federal users are the greatest source of cybersecurity threats, topping hackers and terrorists.
In a blind survey in December, SolarWinds and Market Connections asked 200 IT managers at federal, military and intelligence agencies about their biggest cybersecurity concerns, obstacles to threat prevention and where they were investing their security budgets.
The survey found that insider threats were the most prevalent and damaging to federal agencies. More than half of those questioned, 53 percent, said careless and untrained insiders were their biggest cybersecurity headache, up from 42 percent in a study from a year ago.
Forty nine percent of the federal IT professionals polled said the top cause of accidental insider breaches was phishing attacks, followed by data copied to insecure devices at 44 percent, accidental deletion or modification of critical data at 41 percent, and use of prohibited personal devices at 37 percent.
Respondents said focused, intentional insider attacks were a great concern. The study said almost two thirds, 64 percent, of the federal IT professionals polled said intentional malicious insider attacks were as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments. Almost 60 percent, however, said breaches caused by accidental or careless insiders could be as damaging as or more damaging than those caused by malicious insiders.
Despite the insider threats, some agencies continue to give priority to preventing external malicious threat sources. The survey found that, although 69 percent of agencies increased spending over the past two years to address malicious external threats, only 46 percent did so for malicious insider threats, and only 44 percent did so for accidental insider threats. Nine percent of agencies even decreased their investment to prevent insider threats.
Verbatim: "The increased use of mobile technology is noted as the top obstacle for preventing threats, although there are multiple significant differences seen among the different types of threats."
Full report: Read the report here.