How to prepare your network for the unexpected
In the past, cybersecurity threats were thought to come solely from malicious activity outside the organization, so agencies focused on protecting sensitive information from foreign governments, hackers and more. Today, however, careless or untrained employees are just as dangerous to network security as malicious threats.
In fact, according to the results of SolarWinds' third annual federal Cybersecurity Survey, 48 percent of federal IT pros cited careless/untrained insiders as one of the greatest sources of IT security threats to their agency -- the third consecutive year insider threats topped the list. This year those insiders tied foreign governments as the largest source of security threats for federal agencies. Also, many security breaches were reported to have been caused by human error, phishing and malware.
[Chart: Sources of security threats]
For federal security pros, this means protecting the network is that much harder. Not only must agencies continue to mitigate threats from foreign governments and hacktivists, but they must also protect the network from agency personnel -- which can be a far more unpredictable challenge.
Expecting the unexpected
User error is nothing new; federal IT pros have been dealing with this since the first bits passed over the first pulled wires. The challenge is that careless users are not getting any more careful, yet the information and data they can access are that much more personal and, in some cases, critical to the agency mission.
What’s the solution? While there is no single answer, federal IT pros have found that a combination of products presents a formidable security barrier. In fact, most respondents to the aforementioned survey said they use an average of five different tools together to get the job done. Among the most valuable solutions cited were:
- Smart card/common access card
- Identity and access management
- Patch management
- Configuration management
- Security information and event management (SIEM)
- Web application management
Of these tools, users reported three as being particularly effective:
- Patch management software decreased the time to detect and respond to IT security incidents. Agencies using patch management software are far more likely to detect -- within minutes -- rogue devices, denial of service attacks and unauthorized configuration changes.
- Configuration management software also cut response time for security incidents.
- SIEM tools helped agencies detect phishing attacks within minutes, as well as almost all of the threats presented in the survey.
At the end of the day, federal IT pros understand that users will not change, and threats will continue to escalate. The solution is to evolve agency IT security practices to expect the unexpected and implement the most effective combination of tools to create the strongest security posture possible.
Joe Kim is executive vice president engineering and global CTO at SolarWinds.