New research conducted by the Associated Press revealed this week that the greatest threat to U.S. government networks may actually be federal employees themselves.
According to the report, which analyzed government records on data breaches, federal employees are responsible for at least 50 percent of all U.S. government cyber intrusions reported in the last four years. Information used in the research was obtained through dozens of Freedom of Information Act requests and interviews with security experts both inside and outside of the government.
Based on a White House review discovered by the AP, these types of employee-caused incidents are referred to as "own-goal" intrusions, and they are caused by a variety of policy and security lapses. Government workers "have clicked links in bogus phishing emails, opened malware-laden websites and been tricked by scammers into sharing information," according to the research.
For instance, 8 percent of security breaches were caused by an employee installing malicious software onto a device connected to a federal network. Twelve percent were a result of sensitive data being mishandled, and 21 percent stemmed from an employee who violated a security policy.
Federal security breaches on the rise
Reported breaches on federal networks rose over 40 percent between 2009 and 2013, according to a U.S. Computer Emergency Readiness Team report cited by the AP. Last year, federal agencies and government contractors experienced nearly a quarter of a million cyberattacks. To combat this, the U.S. government spends $10 billion annually on keeping sensitive federal information safe. However, all the money in the world won't keep data secure if inside actors continually make foolish cyber decisions like opening unfamiliar emails or losing work devices connected to a privileged network.
"Certainly, mistakes happen all the time," said Ernest McDuffie, director of the National Initiative for Cybersecurity Education, in an interview with Nextgov. "We're all human beings and everybody's guilty of clicking that bad email … So, the best mitigation factors against those types of activities are constant training and awareness. What do you do with your workforce to make sure that they understand what the threats are that are out there and what they can do to mitigate against those threats?"
While employee education is one of the best ways to prevent security intrusions on sensitive networks, it can take a long time and lots of money to sufficiently teach workers proper cyber behavior, and privileged systems and data remain at risk in the meantime. To combat the effects of both internal and external threats, organizations should consider implementing a security information and event management (SIEM) solution.
A managed SIEM service gives IT decision-makers around-the-clock monitoring of sensitive networks and actionable threat intelligence based on analyzed event activity. No matter where a breach originated, a SIEM solution will detect the malicious behavior and alert security staff, creating a more robust defense strategy and better protecting important data.
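To make the SIEM idea concrete, here is an added example (not code from the article, the AP, or any SIEM vendor): a toy correlation engine that tags the "own-goal" event types the report describes (phishing clicks, unauthorized software installs, mishandled sensitive data, policy violations) and raises an alert when one user accumulates several of them inside a short window. The key=value log format, the usernames, hosts, domains and the 30-minute window are all constructed assumptions for the illustration; a real SIEM would ingest proxy, endpoint and DLP feeds in their native formats.

```python
"""
Added illustration, not from the article or any SIEM product: a minimal
correlation engine over constructed log events. It classifies each event into
one of the own-goal categories named in the report and alerts when a single
user produces THRESHOLD or more findings within WINDOW.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical users, hosts and domains) in a
# simple key=value line format; one line per event.
SAMPLE_LOG = """\
ts=2014-11-10T09:01:00 user=jdoe host=ws-101 src=proxy action=url_click url=http://login-update.example/verify verdict=blocked
ts=2014-11-10T09:04:30 user=jdoe host=ws-101 src=endpoint action=software_install pkg=freegame.exe approved=no
ts=2014-11-10T09:07:12 user=jdoe host=ws-101 src=dlp action=email_send to=personal@webmail.example classification=sensitive
ts=2014-11-10T10:15:00 user=asmith host=ws-207 src=endpoint action=usb_mount device=mass_storage policy=prohibited
ts=2014-11-10T11:00:00 user=asmith host=ws-207 src=endpoint action=software_install pkg=approved_tool.msi approved=yes
ts=2014-11-10T14:00:00 user=bsoto host=ws-330 src=proxy action=url_click url=http://intranet.agency.example/news verdict=allowed
"""

WINDOW = timedelta(minutes=30)   # assumed: findings this close together are correlated
THRESHOLD = 2                    # assumed: findings per user within WINDOW that trigger an alert
INTERNAL_MAIL_DOMAIN = "@agency.example"   # constructed internal domain


def parse_line(line):
    """Turn one key=value log line into a dict; the ts field becomes a datetime."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def classify(ev):
    """Map a raw event to one of the report's own-goal categories, or None if benign."""
    action = ev.get("action")
    if action == "url_click" and ev.get("verdict") == "blocked":
        return "phishing_click"
    if action == "software_install" and ev.get("approved") == "no":
        return "unauthorized_software"
    if (action == "email_send" and ev.get("classification") == "sensitive"
            and not ev.get("to", "").endswith(INTERNAL_MAIL_DOMAIN)):
        return "mishandled_data"
    if action == "usb_mount" and ev.get("policy") == "prohibited":
        return "policy_violation"
    return None


def correlate(log_text):
    """Return one alert per cluster of >= THRESHOLD findings by the same user inside WINDOW."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        category = classify(ev)
        if category:
            findings[ev["user"]].append((ev["ts"], category, ev["host"]))

    alerts = []
    for user, items in findings.items():
        items.sort()                      # chronological order
        start = 0
        while start < len(items):
            end = start
            # extend the cluster while events stay within WINDOW of its first event
            while end + 1 < len(items) and items[end + 1][0] - items[start][0] <= WINDOW:
                end += 1
            if end - start + 1 >= THRESHOLD:
                alerts.append({
                    "user": user,
                    "host": items[end][2],
                    "categories": [c for _, c, _ in items[start:end + 1]],
                    "first": items[start][0],
                    "last": items[end][0],
                })
            start = end + 1
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(f"ALERT user={alert['user']} host={alert['host']} "
              f"{alert['first']:%H:%M}-{alert['last']:%H:%M} {alert['categories']}")
```

On the constructed sample, only `jdoe` trips the rule: a blocked phishing click, an unapproved install and a sensitive email to an outside address within six minutes. `asmith` has a single policy violation (the later install was approved) and so stays below the threshold, which is the point of correlating rather than alerting on every isolated event; the window and threshold are the knobs an analyst would tune against real alert volume.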