recommended reading

Beware the Unwitting Insider Threat

Andrea Danti/

Rank-and-file federal employees and contractors unwilling to “embrace ‘The Suck’ of security” may be the biggest threat posed to securing federal agency networks.

“Accidental or careless” insiders -- employees who click on dubious email attachments, plug in unsecured storage devices or leave laptops unsecured, among other lapses in basic cyber hygiene -- unwittingly open the door to hackers and other malicious actors.

In a new survey conducted by SolarWinds and Market Connections, 53 percent of IT decision-makers cited these unwitting insider threats as the biggest source of security threats they face. That’s up from the 42 percent who said so in a similar survey last year and higher than any other category of threat.

A focus on insiders intentionally breaching security protocols -- or worse -- has grown in recent years fueled by the WikiLeaks and Edward Snowden disclosures.

But the role played by the accidental insider threat remains less understood, even as the potential for destruction, in the eyes of IT managers, continues to grow.

About 64 percent of survey respondents said they view insider threats as just as damaging, if not more so, than malicious outsiders. Just considering insider threats, 57 percent of respondents said they considered accidental breaches caused by insiders to be at least as damaging as those caused by malicious insiders.

So what exactly are these inadvertent insider threats doing that puts their workplaces at risk?

About half of survey respondents cited phishing attacks as the top cause of accidental insider breaches. Another 44 percent cited data copied to insecure devices, while 37 percent pointed to employees using personal devices against in contravention of their agency’s IT policies and poor password management.

“Interestingly, we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems,” a respondent identified as a director of operations at the Defense Contract Management Agency is quoted as saying in the report accompanying the survey results.

Another respondent offered a more succinct summation of the problem.

“The people just need to get used to ‘The Suck’ of security,” a defense coordinating officer for the Army said. “It will take time to work in an environment which is designed to protect the organization and the individual.”

Federal employee are likely used to being bombarded with emails from their IT shops exhorting them not to open suspicious links.

Still, insider threats remain difficult to detect.

Forty percent of respondents cited the sheer volume of network activity, another 35 percent pointed to a lack of IT training and 35 percent cited the growing use of cloud services as reasons for the difficulty in pinpointing suspicious insider activity -- intentional or not.

The deployment of mobile devices in the workplace has also made securing against accidental insiders more difficult. Fifty-six percent of respondents cited the increased use of mobile technology as the biggest barrier to preventing well-intentioned but hapless insider threats.

IT managers also say their agencies aren’t necessarily ready to shell out more money to combat accidental insiders.

Spending on traditional cybersecurity measures, such as intrusion-detection and prevention systems, remains big bucks. Some 70 percent of respondents said their agencies had actually increased spending on fighting hackers and other outside cyber miscreants.

But less than half of respondents said their agencies had done the same for combating the insider threat.

The survey results probably aren’t all that earth-shattering for federal IT managers.

At a cybersecurity conference in Washington, D.C., last month, Jeff Wagner, security operations manager at the Office of Personnel Management, recounted once virtually monitoring a user who was “desperately trying” to open an email attachment flagged by the agency’s intrusion-prevention system as a phishing attempt.

The user eventually disconnected from the virtual-private network linking her computer to the agency’s cyber-defense measures, opened the link and promptly got infected.

"I will have a job until the end of time simply because I have users,” Wagner said.

(Image via Andrea Danti/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.