Mobile Phones – Cyber Security Threat Within US Department of Defense

Cyber Security Threat

A recent whitepaper on cyber security in the US government reveals that that the increasing number of mobile phones being used within federal agencies is escalating the risk of cyber threat from inside agencies. It also cites employees as the key to insider threats, and recommends that more money be spent addressing this issue.

Titled Cybersecurity in the Federal Government, the report commissioned by management software company, SolarWinds tackles the many challenges IT professionals currently face trying to prevent both external and internal IT security threats and attacks. It also suggests ways that Government and the private sector can help to mitigate the growing risks of cyber attack.

 

Based on a study undertaken by the North American communications company, Market Connections, the whitepaper explores growing “insider threats” within the Federal IT community, acknowledging that this type of threat is the most damaging, and currently creating the greatest concern within government. It looks at the impact of mobile devices as an increasing insider threat; and examines investment trends that are moving toward attempting to mitigate insider threats. It also considers insider threat prevention techniques and tools cyber security managers within government are able to implement.

The increasing use of mobile technology was cited as “the top obstacle for preventing insider threats” within federal agencies. A total of 56 percent of participants in the study believed the mobile devices were an obstacle when it came to preventing accidental cyber threats; and 44 percent said it was an obstacle for preventing malicious threats. A third of those involved in the study believed that agency data on government-owned mobile devices was most at risk. By comparison, only 29 percent were worried about contractor- or employee-owned devices.

According to Joel Dolisy, CIO of SolarWinds, the concerns regarding mobile devices are likely to increase as federal agencies implement more bring-your-own-device programs. “This shift in technology at work will likely contribute to the increased risk from insiders,” he said. Further, because federal agencies generally see external threats as a greater risk, internal threats don’t attract the same resources as external threats, he said.

Insider Threats

 

The study was commissioned in December last year (2014) to assess just how much hacking comes from malicious outsider attacks and how much is due to insider threats. While federal agencies spend a vast amount of money preventing attacks from outside – especially those identified as originating in other countries including China and Russia – those managing cyber security within US federal agencies have been concerned for some time about insider threats.

It followed a previous study earlier in the year, which revealed that because people are so unpredictable, whether through malicious intent or human error, they pose a “damaging threat” to government agency cyber security defenses.

According to the US Defense Contract Management Agency (DCMA)’s director of operations, the Department of Defense has positioned itself quite strongly against external cyber threats, but malicious or accidental insider threats have caused more problems. This was largely because people within agencies largely “do what they want” and see security as a form of interference, he said. Additionally, some of the younger employees have “skills to successfully work around security protocols.

While more than half of respondents in the study believed that insiders were the biggest security threat to federal agencies, 38 percent were convinced that whether from external or external sources, malicious threats were the most damaging breach suffered. A total of 23 percent said malicious insiders were the biggest cyber security threat of all.

Primary security threats cited were:

  • The general hacking community (46 percent)
  • Foreign governments (38 percent)
  • Hacktivists (30 percent)

When asked where data was most at risk, 47 percent said personal computers, and 42 percent said removable storage media.

Ultimately, the study cited a simple solution to addresses insider threats. Agencies must know what devices are used on their networks as well as who is using them and when they are using them. They also need to establish what is being used in the network operation, and whether it is virtual, mobile or desktop based.

Internal threats will continue to exist as long as agencies continue to employ people, so agencies need to make at least an equal investment in addressing insider threats,” the report states.

By Penny Swift

James Corbishly
Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...
Drew Firment
Here’s How to Make Sure Your Skills are Cloud Ready This year will be a period of meteoric growth for the cloud industry. Research from Gartner suggests that global spending on public cloud services in ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Yuliya Melnik
Heroku or AWS Cloud infrastructures are gradually starting to penetrate into an increasing number of areas and various businesses. And this is not surprising because such a ploy allows you to improve internal processes, protect ...
Gary Bernstein
Using Data to Gain Advantages Data collection is now omnipresent in every sector of the global economy. Several aspects of modern economic activity would not be possible without it, just as it would not be ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.