Careless and untrained insiders identified as top source of security threats to federal agencies, but concern and investment still focused on malicious external threat sources; SolarWinds examines policies, processes and threat prevention tools to address lack of internal visibility
HERNDON, Virginia – January 26, 2015 – SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT performance management software, today announced the results of its cybersecurity survey, in which federal IT Professionals exposed a need for internal cybersecurity threat prevention. Respondents identified careless and untrained insiders as their greatest source of cybersecurity threats – over malicious external sources such as hackers and terrorists – yet disparately reported that malicious external threat sources maintained priority for threat prevention investment.
In December 2014, Market Connections, a leading government market research provider, in conjunction with SolarWinds conducted its second annual blind survey* of 200 IT and IT security decision makers in the federal government, military and intelligence communities in an effort to uncover their most critical IT security challenges and to determine how to make potential security threats visible so IT can confront them. Respondents weighed in on top cybersecurity threat sources, obstacles to threat prevention, necessary tools for threat prevention, and their concerns, investment and policies regarding cybersecurity.
Insider threats now most prevalent and damaging to government agencies
Investment in insider threat prevention falls short
“Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT Pros absolutely must gain visibility into insider actions to keep their agencies protected. However, given the unpredictability of human behavior, the ‘Why?’ of those actions is an elusive query,” said Chris LaPoint, group vice president of product management, SolarWinds. “Fortunately, there are IT management solutions that can help identify Who is doing What, and even point to Where and When, empowering federal IT Pros to isolate the threats and address them before the agency’s security is in peril.”
Solution: Identify and thwart malicious insider activity
“Pointing to hackers, terrorists or foreign governments as the top threats to our government’s security seems obvious, especially given the hype that surrounds huge corporate hacks and acts of terrorism. Even intentional insider security breaches such as Edward Snowden’s raise valid concerns and demand prevention investment. But who could imagine that their own colleagues could accidentally cause security breaches with comparable impact to those executed with malicious intent? Still, data loss can easily become data stolen, and agencies that ignore these accidental insider threats may well be doing so to their own detriment.”
“Interestingly we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems. People do what they want to do and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols.”
“Our security holes begin at the top. [Senior management expects] that they are protected and they are above any security holes - to the effect, they insist on admin rights to network resources. The administration supports this view and turn a ‘blind eye’ to the risk.”
“SolarWinds’ survey delves into the sources and types of threats posing critical cybersecurity challenges to federal IT agencies and whether or how agencies are reacting. Federal IT Professionals can benefit from this research by shifting their perspectives on monitoring their IT infrastructures to ensure they can identify internal and external threat sources and secure the appropriate resources to mitigate them quickly.”
SolarWinds Solutions for Government
*In December 2014, Market Connections surveyed 200 IT security professionals in federal government and military service in conjunction with SolarWinds. Full survey results are available upon request.
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500 enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our thwack online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.
SolarWinds, SolarWinds & Design, Mobile Admin, Kiwi CatTools, Kiwi Syslog, Dameware, Web Help Desk and thwack are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other company and product names mentioned are used only for identification purposes and may be or are intellectual property of their respective companies.
© 2015 SolarWinds Worldwide, LLC. All rights reserved.