Government IT pros overconfident about detecting insider threats
Federal government IT professionals are overconfident in their ability to detect insider threats, endpoint security firm Tripwire has found. To gauge how confident IT experts are in their efficiency across seven key security controls, the firm polled 763 professionals from various industries.
Almost a third say they would not be able to detect every attempt by a non-privileged user to access files. Almost three quarters (73 percent) assume their system would generate an alert or email within hours if a user inappropriately accessed file shares.
"More and more, information security is about protecting sensitive data", says Tim Erlin, director of IT security and risk strategy for Tripwire. "Federal government agencies have a gap in identifying when data is accessed and how it’s shared. We can expect more breaches to occur until these gaps are addressed".
Respondents working in the government sector also say they could detect a new device on the network within hours, while 52 percent say they couldn’t know for sure exactly how long the process would take.
More than half (58 percent) say their tools don’t gather all the information needed. A quarter say the patching process does not include validation of patch success on all target systems.
"Authorization creep is something many organizations fail to address", says Travis Smith, senior security research engineer for Tripwire. "As employees change roles or are promoted, their roles and responsibilities change; as does their access to confidential information. Protecting confidential information is more than reviewing access denied attempts; employees may be abusing authorized access as well. Following these recommended controls and continuous monitoring over critical and/or confidential information is vital to reduce the likelihood or impact of insider threat".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.