How Agencies Can Stay Ahead of Insider Threats

In the wake of numerous cyber attacks and data breaches, cybersecurity remains a top priority for the federal government.

But, building a unified security strategy is not always easy, says Rob Potter, Vice President for Public Sector and Healthcare at Symantec. Along the path to unified security, he says, agencies frequently encounter funding, cost of implementation, or ongoing management and operational issues.

And, the threat level is only growing — a new Symantec report shows there are more than one million new malware threats released per day. Agencies must adequately fund cybersecurity in order to drive intelligence on cybersecurity and threat protection. In addition, Potter says, government and industry need to do a better job of collaborating and sharing specific types of threat information.

“Agencies best protect their systems when they can communicate and discover potential risks,” Potter notes. “It’s about giving people the resources to effectively go out there and implement the procedures in their environment.”

While funding is a big hurdle, Potter says agencies should also keep in-mind the cost of implementation. That means thinking ahead on a cybersecurity strategy and being able to quickly turn the policies of government into actionable results, he says.

To better anticipate operational costs, Potter suggests agencies conduct an assessment that can identify where data resides and who is using it. Especially now, data storage can take place in many different environments, including traditional on-premise and newer off-premise solutions, such as cloud. Security compromises can happen when data is not encrypted or access points to data are left open. 

“In many breach situations, the data remains open because agencies build data protection around the data,” Potter says. “But, what is needed is a technology to monitor who touches the data, and how it’s used. That’s where the real insider threat resides. It’s often the user that you trust — either one who misuses their privileges or one you think you can trust but who actually has a compromised identity.”

One way agencies are addressing insider threats is through multifactor authentication, a technology that requires more than one method of user identification to verify a login. Things like personal identity verification (PIV) cards help ensure that access points are secure and still open to privileged users.

Ultimately, government’s cybersecurity strategy has to start to resemble a layered and unified approach, Potter says. It also has to run and protect the endpoint, which is the main challenge today for agencies that typically operate around a mobile and dispersed workforce.

“Keep in mind that information resides and connects from many places,” Potter says. “Things like a mobile device can make changes to the flow of larger government IT operations, and then network solutions will not protect you.”

To learn how agency leaders are reexamining their cybersecurity strategies and protecting against insider threats, watch this Nextgov viewcast on cybersecurity vulnerabilities.

This content is made possible by our sponsor. The editorial staff of Nextgov was not involved in its preparation