Though malicious outsiders always pose a threat, the experts from Symantec, Agiliance and SecureForce who spoke at today's GovWin Virtual Executive Roundtable agreed that the majority of security breaches are caused by well-meaning insiders.
"Most data breaches are caused by well-meaning insiders such as employees losing laptops, sending out inadvertent communications or e-mails, not thinking about the right processes or steps for how to transmit encrypted or secure data," said Tiffany Jones, Director of Public Sector Strategy and Programs at Symantec.
As the recent Wikileaks data breach demonstrates, IT professionals must be prepared to prevent and deal with situations caused by individuals who have proper access and abuse it. Webinar attendees agreed that inside threats are a serious issue: Over 70 percent of respondents to an in-webinar poll said that inside threats are more serious than external threats.
Malicious insiders -- usually disgruntled or compromised employees -- and outside attackers are also constant threats to both private-sector and government networks.
A range of vital components is needed to combat cybersecurity threats, including continuous monitoring, controls, improved user behavior, baseline scanning and intelligent security policies. "You can't secure what you can't manage," said Jones.
Just as importantly, controls must be repeatable and able to be automated at agencies and in vendor solutions.
According to Mike Saintcross, Director of Federal and Mid-Atlantic Sales at Agiliance, continuous monitoring, which consists of technology that gives constant awareness of risks and security on networks, is "finally maturing across most agencies."
Continuous monitoring is essential for detecting threats that come from both outside and inside the network, since most well-intentioned users who cause security breaches do so by violating policies (e.g., losing laptops, writing down passwords).
Other factors that play a large role in appropriate security are context and prioritization. "If you're getting lots of notifications about a vulnerability that turns out to be in a component that's five firewalls deep, it may not actually be that big a risk," said Stefen Smith, Chief Security Officer at SecureForce.
Cybersecurity and the Cloud
The government is moving quickly to set standards and requirements and place massive amounts of data into the cloud. "The government wants to see the economy of scale provided by these services," Saintcross said. From a security perspective, the cloud is also attractive in some ways: For example, the computers of employees using a cloud-based virtual desktop would only need to have patches and updates applied once.
However, "high side" or classified data will likely remain in traditional facilities or, at most, in a private cloud.
Saintcross and Jones laid out some of the most important factors in purchasing cloud services from a security perspective, whether you're in the government or private sector:
- Make intelligent decisions about what components of your business to put in the cloud. "It's about my data: how it can be used, how it can be secured in the cloud, and that determines the applicability. Is that service able to go out in the cloud?" said Saintcross.
- Ask questions of potential providers such as "Is my data segregated from other customers' data?" Will you have the appropriate ownership, visibility and control to effectively manage and secure your data?
- Ensure that the cloud services you're buying are provided by one vendor, not two or more. It's easier to hold one provider responsible for data loss or breaches than a coalition or middleman.
- Be aware that paying a bit more for services with better security is well worth the investment.
- Look into new services that allow on-demand encryption and keys restricted to one person, so only you can un-encrypt your data.
Download the presentation slides
Read the full article here