Are Federal Govt. IT Pros Overconfident About Cybersecurity?

IT professionals in the federal government may be overestimating their ability to recognize and respond to insider threats and privileged access abuse, according to a recently released report from endpoint detection and response provider Tripwire, Inc.

The Tripwire study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls required by many compliance regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS Top 20 and IRS 1075.

The study was conducted for Tripwire by Dimensional Research, who interviewed 763 IT professionals across various industries, including 103 participants from federal government organizations. Obviously, that’s a pretty small sample size, but regardless, the facts that emerged are disconcerting, to say the least.

The Privileged Identity Perception Gap

Most cybersecurity pros can tell you that Privileged Identity Management (PIM)— the monitoring and protection of privileged user accounts— is one of the most important aspects of Identity and Access Management, and cyber security writ large. Just take a detailed look at some recent data breaches and chances are high the malicious party used a compromised privileged account to increase their permissions.

And yet nearly one-third (thirty percent) of federal government respondents to Tripwire’s survey disclosed they are not able to detect every non-privileged user’s attempt to access files. Despite this, seventy-three percent of federal government respondents assume their system would generate an alert or email within hours if a user inappropriately accessed file shares. Verizon’s 2016 DBIR reported that seventy percent data breaches caused by insider misuse took weeks, or even years, to detect.

Perhaps more shocking, despite this obvious shortfall, seventy-three percent of federal government respondents assume their system would generate an alert or email “within hours” if a user inappropriately accessed file shares.

Contrary to this perception, Verizon’s influential 2016 Data Breach Intelligence Investigations Report (DBIR) found  that seventy percent data breaches caused by insider misuse took weeks, or even years, to detect.

In fact, according to the DBIR, the public sector reported more security incidents than any other industry in 2015 with privileged access misuse and non-malicious events making up nearly half (forty-six percent) of the reported incidents.

“More and more, information security is about protecting sensitive data,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “Federal government agencies have a gap in identifying when data is accessed and how it’s shared. We can expect more breaches to occur until these gaps are addressed.”

Seventy-eight percent of federal government respondents believe they could detect new devices on their network within hours. However, over half (fifty-two percent) of the respondents do not know exactly how long the detection process would take.

Tripwire’s survey also discovered that fifty-eight percent of federal government respondents say their automated tools do not pick up all the necessary information, such as the locations and departments, needed to identify unauthorized configuration changes to endpoint devices.

Fore more statistics and key takeaways from the report, check out the infographic below: