Insider Threat is a Growing Problem in Government: Are We Overlooking It?

Cybersecurity has become a top priority for government, yet research shows that government is one of the sectors most vulnerable to insider threats. Action often comes late, and warning signs can go unreported for years because colleagues are unwilling or unable to accept the possibility that one of their own is responsible.

A 2015 Symantec survey warned that if IT administrators in government organizations do not terminate network access quickly enough, the results can be disastrous. The survey reported that nearly 45% of federal departments had been targeted by insider threats over the year, and that 29% lost data as a result.

Even though data loss prevention (DLP) technology has grown more sophisticated over the years, the insider threat has continued to evolve into a more complex problem. A major reason is that technology adoption in government is not only slow and tedious but also requires a considerable amount of training before the new controls are enforced effectively.

There are four key challenges that government organizations need to address to manage their data security strategies better.

1. Infrastructure is Under-Equipped

Budgets allotted to government IT departments have always been frugal compared with other sectors, so the systems in operation are often neither modern nor up to date. Budget constraints result in the continued use of old, obsolete hardware and software that cannot cope with more sophisticated attacks and, in many cases, no longer receive security patches at all.

2. Technology Purchase is a Slow Process

The process of purchasing technology is slow and lengthy. Factors such as the RFP cycle, competitive bidding, the political environment and preferred-vendor arrangements all influence the purchase decision, and by the time a purchase is approved the ordered technology may itself be outdated.

3. Stealth IT is Creeping in

The easy availability of cloud services and bring-your-own-device (BYOD) policies has given rise to shadow (or stealth) IT. Employees often resort to whatever solution they think is best, resulting in ad hoc practices in which data may not be properly managed or protected. The result is sensitive data handled outside the visibility and controls of the IT department, and therefore exposed to unauthorized people.

4. Compliance is Becoming Complex

Government organizations must meet major compliance requirements such as FISMA, the NIST SP 800-53 control catalog, FIPS 140-2 validation (up to Security Level 3) and Common Criteria. Depending on the sector they operate in, compliance with HIPAA/HITECH and PCI DSS may also be required. Regular training and education are essential for organizations to meet these complex and overlapping requirements.

With these challenges in mind, Zecurion has identified the following best practices to minimize the risk of insider threats:

1. Early Detection through Proactive Monitoring

Efficient detection rules and algorithms applied to network and application activity help detect early when personally identifiable information (PII) is being accessed without proper authorization. Many automated tools available today can surface such a breach at its initial stage, and early detection can thwart a data loss incident before the data leaves the organization. The rules are only as good as their inputs: they need an authoritative record of which roles are entitled to which data, and audit logs that record who read what, when and how much; without those, the alerts are mostly noise.
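The kind of rule set this paragraph describes, as an added example that is not Zecurion's or the page's own code: a small Python detector that reads constructed access-log lines and flags three insider patterns, a role reading a PII field it is not entitled to, access outside business hours, and bulk retrieval above a per-hour threshold. The log format, the role entitlement table, the field names and the thresholds are all assumptions for illustration; a real deployment would take entitlements from the identity system and events from the application or database audit trail.

```python
"""Rule-based early detection of unauthorized PII access over access-log lines.

Added example (not the page's or Zecurion's code). The log format, role
entitlement table and thresholds below are assumptions for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Tuple

# Assumed entitlements: which PII field classes each role may read.
# In production this would come from the identity / access-management system.
ROLE_ENTITLEMENTS = {
    "benefits_clerk": {"name", "address", "ssn"},
    "help_desk": {"name", "address"},
    "contractor": set(),          # no direct PII access at all
}

BULK_THRESHOLD = 50               # records per user per clock hour (assumed)
BUSINESS_HOURS = range(7, 19)     # 07:00-18:59 local time (assumed)

Alert = Tuple[str, str, str]      # (user, rule, detail)


@dataclass
class Event:
    ts: datetime
    user: str
    role: str
    field: str
    records: int


def parse_line(line: str) -> Event:
    """Parse one constructed log line, e.g.
    '2015-09-14T10:07:40 user=jdoe role=help_desk field=ssn records=1'."""
    ts_str, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return Event(datetime.fromisoformat(ts_str), kv["user"], kv["role"],
                 kv["field"], int(kv["records"]))


def evaluate(lines: Iterable[str]) -> List[Alert]:
    """Run the three detection rules over the lines, in log order."""
    alerts: List[Alert] = []
    per_hour: Counter = Counter()
    for line in lines:
        ev = parse_line(line)

        # Rule 1: the user's role is not entitled to this PII field.
        if ev.field not in ROLE_ENTITLEMENTS.get(ev.role, set()):
            alerts.append((ev.user, "unauthorized_pii",
                           f"role {ev.role} read {ev.field}"))

        # Rule 2: access outside business hours.
        if ev.ts.hour not in BUSINESS_HOURS:
            alerts.append((ev.user, "off_hours", ev.ts.isoformat()))

        # Rule 3: cumulative records per user per clock hour crosses the
        # threshold (fires once, on the event that crosses it).
        key = (ev.user, ev.ts.strftime("%Y-%m-%dT%H"))
        before = per_hour[key]
        per_hour[key] += ev.records
        if before <= BULK_THRESHOLD < per_hour[key]:
            alerts.append((ev.user, "bulk_export",
                           f"{per_hour[key]} records in hour {key[1]}"))
    return alerts


# Constructed sample log: a normal clerk, a help-desk user probing SSNs and
# pulling addresses at 2 a.m., a contractor with no entitlement, and the clerk
# whose volume quietly crosses the hourly threshold.
SAMPLE_LOG = [
    "2015-09-14T10:05:12 user=asmith role=benefits_clerk field=ssn records=3",
    "2015-09-14T10:07:40 user=jdoe role=help_desk field=ssn records=1",
    "2015-09-14T02:13:55 user=jdoe role=help_desk field=address records=120",
    "2015-09-14T14:30:00 user=bcon role=contractor field=name records=2",
    "2015-09-14T10:15:00 user=asmith role=benefits_clerk field=name records=30",
    "2015-09-14T10:45:00 user=asmith role=benefits_clerk field=address records=25",
]

if __name__ == "__main__":
    for user, rule, detail in evaluate(SAMPLE_LOG):
        print(f"{rule:17} {user:8} {detail}")
```

Rule 3 fires on the event that crosses the threshold rather than on every subsequent event, so a user who keeps pulling records after the alert does not flood the queue; the per-hour counter is also what makes the clerk's legitimate-looking reads visible in aggregate, which is the case a per-event rule would miss.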

2. Comply with FedRAMP for Secure Cloud Adoption

Legacy systems still in use are old and primitive, and IT budgets are limited. Cloud solutions with stronger built-in security features can therefore be both cost effective and agile. Government organizations that adopt cloud services need their providers to hold a FedRAMP authorization (FedRAMP is the US government-wide program that standardizes the security assessment, authorization and continuous monitoring of cloud products and services). A provider's authorization covers the provider's controls; the agency still owns identity, access and data handling on its side, so the insider problem moves to the cloud rather than disappearing.

3. Encryption is a Must-Have

Government organizations are mandated to encrypt sensitive data. Solutions that encrypt data at rest on hard drives, disk arrays and SAN storage protect it whenever physical control of the media is lost, for example when a drive is decommissioned, stolen or returned to a vendor. Encryption at rest does not, however, stop an authorized insider who can already read the data through the application, so it must be paired with access control and monitoring, and with key management that keeps the keys out of the hands of the storage administrators.

4. Multi-Factor Authentication

Multi-factor authentication is a must. A fingerprint or iris scan, or a smart card such as the PIV card used across the federal government, should be added to regular passwords to establish the identity of the actual user. Each user's role must be identified comprehensively, and authorization granted only to the extent that the role requires (least privilege).

5. Update Security Patches Frequently

Antivirus software and firewalls must not be outdated or obsolete; they should be kept current and running 24 hours a day, 365 days a year, without failure. Operating systems and applications need the same discipline, since an unpatched system is the easiest foothold for an insider or for an outsider using stolen credentials. Still, deploying antivirus alone is not enough: securing the endpoints themselves (for example with endpoint DLP and device controls) is equally important to prevent data loss.

6. Set Up a Dedicated Risk Assessment Team

The executive team should sponsor a formal, dedicated risk assessment team to examine the techniques, procedures and access points through which PII could leave the system. The team can pose as insider threat actors and external attackers, play the adversary, and come up with tailored mitigation plans to protect against breaches.

7. Implement an Incident Response Plan

Drawing up an efficient incident response plan helps mitigate and contain the aftermath of an incident. This is very important for the reputation of the organization. When reputation is at stake, a robust plan that spells out what needs to be done, when and by whom saves time, money and credibility. An insider case also needs HR and legal involvement from the start, and evidence handling that will stand up in a disciplinary or criminal proceeding, so the plan should be exercised before it is needed.