Federal government IT pros 'overconfident' in insider threat detection

Federal government IT professionals are overconfident in their ability to detect insider threats, endpoint security firm Tripwire said on Tuesday.

The company polled 763 professionals from various industries, analysing the confidence of IT experts regarding their efficiency in seven key security controls.

Almost a third said they would not be able to detect every attempt by a non-privileged user to access files. Almost three quarters (73 per cent) assume their system would generate an alert or email within hours if a user inappropriately accessed file shares.

“More and more, information security is about protecting sensitive data,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “Federal government agencies have a gap in identifying when data is accessed and how it’s shared. We can expect more breaches to occur until these gaps are addressed.”

Respondents working in the government sector also said they could detect a new device on the network within hours, while 52 per cent said they could not know for sure exactly how long the process would take.

More than half (58 per cent) said their tools don't gather all the information needed. A quarter said the patching process does not include validation of patch success on all target systems.

“Authorization creep is something many organizations fail to address,” said Travis Smith, senior security research engineer for Tripwire. “As employees change roles or are promoted, their roles and responsibilities change, as does their access to confidential information. Protecting confidential information is more than reviewing access denied attempts; employees may be abusing authorized access as well. Following these recommended controls and continuous monitoring over critical and/or confidential information is vital to reduce the likelihood or impact of insider threat.”