Insider Threat to Systems Growing

A survey of 200 federal government, military and intelligence information technology and information technology security professionals shows that staff members pose a larger threat to computer systems than external threats. Respondents also noted that while most agencies increased their investment in addressing malicious external threats during the past two years, less than half added funding to address malicious or accidental insider threats. In some cases, investments in battling insider threats have decreased.

In the U.S. Defense Department, 55 percent of the survey participants identified careless and untrained insiders as the greatest source of IT security threats at their agencies. Of all the respondents, 66 percent believe malicious insider threats to be as damaging or more damaging than malicious external threats to defense agencies’ systems.

"Interestingly, we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems,” commented one respondent from the Defense Contract Management Agency. “People do what they want to do, and there are so many people … who view security as interference and also have some skills to successfully work around security protocols."

Nearly half of respondents said government data is most at risk of breach from employees' or contractors' desktops or laptops. Top causes of accidental insider breaches include phishing attacks, data copied to insecure devices, accidental deletion or modification of critical data and use of prohibited personal devices.

SolarWinds in conjunction with Market Connections conducted the survey. The full results are available online.