Mobile Phones – Cyber Security Threat Within US Department of Defense

Cyber Security Threat

A recent whitepaper on cyber security in the US government reveals that that the increasing number of mobile phones being used within federal agencies is escalating the risk of cyber threat from inside agencies. It also cites employees as the key to insider threats, and recommends that more money be spent addressing this issue.

Titled Cybersecurity in the Federal Government, the report commissioned by management software company, SolarWinds tackles the many challenges IT professionals currently face trying to prevent both external and internal IT security threats and attacks. It also suggests ways that Government and the private sector can help to mitigate the growing risks of cyber attack.

 

Based on a study undertaken by the North American communications company, Market Connections, the whitepaper explores growing “insider threats” within the Federal IT community, acknowledging that this type of threat is the most damaging, and currently creating the greatest concern within government. It looks at the impact of mobile devices as an increasing insider threat; and examines investment trends that are moving toward attempting to mitigate insider threats. It also considers insider threat prevention techniques and tools cyber security managers within government are able to implement.

The increasing use of mobile technology was cited as “the top obstacle for preventing insider threats” within federal agencies. A total of 56 percent of participants in the study believed the mobile devices were an obstacle when it came to preventing accidental cyber threats; and 44 percent said it was an obstacle for preventing malicious threats. A third of those involved in the study believed that agency data on government-owned mobile devices was most at risk. By comparison, only 29 percent were worried about contractor- or employee-owned devices.

According to Joel Dolisy, CIO of SolarWinds, the concerns regarding mobile devices are likely to increase as federal agencies implement more bring-your-own-device programs. “This shift in technology at work will likely contribute to the increased risk from insiders,” he said. Further, because federal agencies generally see external threats as a greater risk, internal threats don’t attract the same resources as external threats, he said.

Insider Threats

 

The study was commissioned in December last year (2014) to assess just how much hacking comes from malicious outsider attacks and how much is due to insider threats. While federal agencies spend a vast amount of money preventing attacks from outside – especially those identified as originating in other countries including China and Russia – those managing cyber security within US federal agencies have been concerned for some time about insider threats.

It followed a previous study earlier in the year, which revealed that because people are so unpredictable, whether through malicious intent or human error, they pose a “damaging threat” to government agency cyber security defenses.

According to the US Defense Contract Management Agency (DCMA)’s director of operations, the Department of Defense has positioned itself quite strongly against external cyber threats, but malicious or accidental insider threats have caused more problems. This was largely because people within agencies largely “do what they want” and see security as a form of interference, he said. Additionally, some of the younger employees have “skills to successfully work around security protocols.

While more than half of respondents in the study believed that insiders were the biggest security threat to federal agencies, 38 percent were convinced that whether from external or external sources, malicious threats were the most damaging breach suffered. A total of 23 percent said malicious insiders were the biggest cyber security threat of all.

Primary security threats cited were:

  • The general hacking community (46 percent)
  • Foreign governments (38 percent)
  • Hacktivists (30 percent)

When asked where data was most at risk, 47 percent said personal computers, and 42 percent said removable storage media.

Ultimately, the study cited a simple solution to addresses insider threats. Agencies must know what devices are used on their networks as well as who is using them and when they are using them. They also need to establish what is being used in the network operation, and whether it is virtual, mobile or desktop based.

Internal threats will continue to exist as long as agencies continue to employ people, so agencies need to make at least an equal investment in addressing insider threats,” the report states.

By Penny Swift

Data Fallout.png
Byod.png
David Fletcher Blown Image
Growing Up.png
Rakesh Soni
5 Common Myths About Cloud Computing Cloud computing has offered new horizons to businesses embarking on a digital transformation journey. However, no matter how appealing, it’s also a reason to worry. With cloud computing, businesses ...
Louis
Why cybersecurity spending Is resilient Cybersecurity tech stacks must close the gaps that leave human and machine endpoints, cloud infrastructure, hybrid cloud and software supply chains vulnerable to breaches. The projected fastest-growing areas of cybersecurity ...
Sofia Jaramillo
Augmented Reality in Architecture Augmented reality (AR) is a growing field of study and application in the world of architecture. This useful tool can help us visualize architectural designs by superimposing them onto real-world scenes ...
Dmitry Chekalin
How Much Should a Modern Website Cost? A website is a valuable instrument for growing your business. Your website presents your brand to users. Also, it compels your prospects to become your customers. So, how ...
Jen Klostermann
The Fintech Landscape The Nitty Gritty Although the COVID-19 pandemic has highlighted its existence, most of us have been using fintech in some form or another for quite some time. It’s a big part of ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.