
Managing Threats from the Inside

With more and more agencies going paperless and moving to virtual storage infrastructures, organizations have to bolster their security strategies and learn how to anticipate future attacks. While this has typically meant fortifying network firewalls and securing the cyber perimeter, San Francisco’s FiberWAN data breach showed us in 2008 that threats do not always originate from external sources. In San Francisco’s case, network administrator Terry Childs reset administrator passwords and locked government leaders and other agency officials out of the department’s data storage system. Fortunately for the city, access was regained and what could have become a devastating breach was eventually resolved without major ramifications. While an extreme case, it is a lesson in defending against the malicious insider, and it suggests that government organizations should shift their attention to building formidable security protocols against potential internal security risks.

Insider threats can be both deliberate and unintended. Unfortunately, the unintentional threats can cause just as much damage as the intended ones and are often much more difficult to anticipate and therefore prevent. These unintentional threats can stem from a variety of activities – accidentally posting sensitive information publicly, losing or inadvertently discarding records, or having laptops and cellphones, which act as data storage devices, stolen. A user can also unintentionally become an open door for malicious code and spyware entering the network through phishing schemes.

Despite an increased understanding of risk, the volume of cyberattacks per year is steadily increasing. Malicious code tops the list of the most potentially dangerous attack vectors, according to a majority of state Chief Information Security Officers. For the most part, awareness of insider threats and the intention to identify and prevent them are part of many state and local agencies’ cyber strategies; however, budgeting restrictions often prevent more thorough cybersecurity tools. An alternative to expensive cybersecurity programming is implementing proactive policies within an organization to reduce the possibility of threats. Some of these proactive actions include:

  • Cleaning up access: Make sure that only the people who need access have access to sensitive documents.
  • 2FA: Two-factor authentication, or multi-factor authentication, is the preferred logon method because the user has an extra step of identity verification to gain access.
  • Automate where possible: Making responses to various incidents automatic ensures the risk is quickly managed and reduces potential for further human error.

However, the burden of increased security does not rest solely on the IT teams. To successfully avoid internal threats posed by employees and contractors, hiring managers must be able to quickly identify warning signs during the on-boarding process, whether in the candidates’ behavior or in their background and reference checks. This will prevent a candidate who is likely to pose an intentional security threat to an organization from being hired. It can also be used to identify the type of careless behavior that will result in an unintentional breach.

Industry leaders have been working to adapt their best practices at the same pace that cyber attackers are adjusting their methods to avoid being caught. What state and local leaders need to realize is that cybersecurity is more than just powerful firewalls and recovery processes from external sources; the threat is often already lurking within the gates of the firewall. Being able to identify and prevent potential insider security threats is a crucial step that must be considered in order to guarantee well-rounded risk mitigation.

To learn more about how cybersecurity is changing in state and local organizations in the age of the insider threat, check out this research brief from VMware.
