
Beware the Unwitting Insider Threat


Rank-and-file federal employees and contractors unwilling to “embrace ‘The Suck’ of security” may be the biggest threat posed to securing federal agency networks.

“Accidental or careless” insiders -- employees who click on dubious email attachments, plug in unsecured storage devices or leave laptops unsecured, among other lapses in basic cyber hygiene -- unwittingly open the door to hackers and other malicious actors.

In a new survey conducted by SolarWinds and Market Connections, 53 percent of IT decision-makers cited these unwitting insider threats as the biggest source of security threats they face. That’s up from the 42 percent who said so in a similar survey last year and higher than any other category of threat.

A focus on insiders intentionally breaching security protocols -- or worse -- has grown in recent years, fueled by the WikiLeaks and Edward Snowden disclosures.

But the role played by the accidental insider threat remains less understood, even as the potential for destruction, in the eyes of IT managers, continues to grow.

About 64 percent of survey respondents said they view insider threats as just as damaging, if not more so, than malicious outsiders. Just considering insider threats, 57 percent of respondents said they considered accidental breaches caused by insiders to be at least as damaging as those caused by malicious insiders.

So what exactly are these inadvertent insider threats doing that puts their workplaces at risk?

About half of survey respondents cited phishing attacks as the top cause of accidental insider breaches. Another 44 percent cited data copied to insecure devices, while 37 percent pointed to employees using personal devices in contravention of their agency’s IT policies and poor password management.

“Interestingly, we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems,” a respondent identified as a director of operations at the Defense Contract Management Agency is quoted as saying in the report accompanying the survey results.

Another respondent offered a more succinct summation of the problem.

“The people just need to get used to ‘The Suck’ of security,” a defense coordinating officer for the Army said. “It will take time to work in an environment which is designed to protect the organization and the individual.”

Federal employees are likely used to being bombarded with emails from their IT shops exhorting them not to open suspicious links.

Still, insider threats remain difficult to detect.

Forty percent of respondents cited the sheer volume of network activity, another 35 percent pointed to a lack of IT training and 35 percent cited the growing use of cloud services as reasons for the difficulty in pinpointing suspicious insider activity -- intentional or not.

The deployment of mobile devices in the workplace has also made securing against accidental insiders more difficult. Fifty-six percent of respondents cited the increased use of mobile technology as the biggest barrier to preventing well-intentioned but hapless insider threats.

IT managers also say their agencies aren’t necessarily ready to shell out more money to combat accidental insiders.

Spending on traditional cybersecurity measures, such as intrusion-detection and prevention systems, remains big bucks. Some 70 percent of respondents said their agencies had actually increased spending on fighting hackers and other outside cyber miscreants.

But less than half of respondents said their agencies had done the same for combating the insider threat.

The survey results probably aren’t all that earth-shattering for federal IT managers.

At a cybersecurity conference in Washington, D.C., last month, Jeff Wagner, security operations manager at the Office of Personnel Management, recounted once virtually monitoring a user who was “desperately trying” to open an email attachment flagged by the agency’s intrusion-prevention system as a phishing attempt.

The user eventually disconnected from the virtual-private network linking her computer to the agency’s cyber-defense measures, opened the link and promptly got infected.

“I will have a job until the end of time simply because I have users,” Wagner said.
