This article is an excerpt from GovLoop’s report titled “Insider Threats: The Danger Within.”
“Insider threat” is an ambiguous phrase, as it denotes any individual with access to an organization’s insider information. Insiders can intentionally harm their agencies, or they may do so unknowingly. The term also fits outside parties like business associates and contractors. People who feel safe from insider threats are often confused about what the term means, leaving them unaware they’re in danger.
To better understand the current climate, GovLoop partnered with IBM, a leader in mitigating and protecting against insider threats, for this research brief. In the following pages, we analyze a survey of 170 federal employees about their views on insider threats and share solutions to better protect against them. We also spoke with IBM experts, including Ian Doyle, Business Unit Executive, Cybersecurity Strategic Growth Initiatives; John McLaughlin, Executive Security Architect; and Tim McMillan, Executive Security Strategist.
GovLoop surveyed 170 federal employees about their perceptions of insider threats and how their agencies are protecting against them. The results reveal a federal workforce that could improve its understanding of the challenge.
Seventy percent said that their agency had never experienced an attack or breach related to an insider threat, while 30 percent said that their organization had suffered one. This result surprised Doyle, who suggested respondents are unaware of the frequent danger facing them or don’t fully know what an insider threat encompasses.
“An insider threat is something that hurts the organization,” he said. “It’s not something that you want making the front page of the news. If something is found, it’s taken care of quickly, discreetly and with as minimal impact as possible.”
Thirty-seven percent of those who had experienced an insider threat ranked a malicious outsider or contractor as their agency’s biggest challenge. Thirty-five percent chose unintentional employee actions, and 28 percent said a malicious employee.
Despite these statistics, 54 percent said insider threats are not a rising challenge at their organization, while 46 percent said they are.
Sixty-one percent said that dealing with insider threats is a priority at their agency, while 39 percent said that it’s not.
“What that’s really telling us is that 39 percent are operating below the bar on insider threats,” Doyle said. “You should always strive for 100 percent.”