This week – in conjunction with MeriTalk – we released “Inside Job: The Sequel – The 2017 Federal Insider Threat Report,” which surveyed 150 Federal IT managers to find out where agencies stand on insider threat protection. What’s working? What’s not? What are the challenges and solutions?
First, the good news: 85 percent of respondents say their agency is more focused on combating insider threats today than one year ago (up from 76 percent in 2015). In addition, most agencies are formalizing their efforts – 86 percent say they have a formal insider threat prevention program, a big jump up from just 55 percent in 2015.
But, despite these efforts, the rate of cyber incidents perpetrated by insiders isn’t really going down. Forty two percent of agencies report incidents over the last year, compared to 45 percent in 2015. And, almost a quarter of respondents say their agency has lost data to a cyber incident perpetrated by insiders in the past 12 months.
Why aren’t we seeing more progress? Well, as agencies are working to address the problem, the problem is getting more complex as boundaries dissolve, and more systems and information move to the cloud. Indeed, 59 percent of respondents say the growing number of cloud-based systems has made insider threats more difficult to detect – due to increased complexity, endpoint monitoring challenges, lack of preventative measures, and difficulty implementing and enforcing identity and access management policies.
It’s a big challenge, but agencies don’t need to reinvent the wheel. Addressing insider threats should be a subset of their overarching cyber security program. The NIST Cybersecurity Framework (CSF) – now mandated with last week’s signing of the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure – can help agencies identify gaps in cyber readiness that are not easily identified by their current process. To address these gaps, agencies should look for tools that satisfy other CSF areas, apply policy universally, and support a variety of on-premises, hybrid, and cloud environments.
To learn more about our recent research, download the “Inside Job” report here.