October 07, 2019
A New Defense Against Insider Threats
Federal agencies face a serious challenge as they seek to protect data from attacks within the enterprise.
The cybersecurity threats that government agencies — and all organizations, really — face today are vastly different from those of just a decade ago. Cybercriminals are more organized than ever, and state-sponsored adversaries can draw on vast financial, human and technical resources as they carry out their attacks. Plus, the origin of many threats that agencies and other organizations face has changed; in a chilling number of cases, the attacks are coming from inside the agency.
The news is littered with reports of devastating attacks carried out by insiders, the most prominent being Edward Snowden’s 2013 theft of information from the National Security Agency. Indeed, a 2018 report on insider threats by Crowd Research Partners notes that 90 percent of organizations feel vulnerable to insider attacks. Agencies also must deal with aggressive, sophisticated attacks from advanced persistent threats (APTs) which work stealthily to advance their objectives while escaping notice.
As they strive to protect data from a variety of threats, agencies cannot afford to take a purely preventative approach to security. Instead, they should shift to one that assumes that some attacks will be successful. This strategy involves shifting resources to cybersecurity incident detection and response strategies designed to identify potential intrusions and react to them promptly in an effort to contain the damage and quickly restore secure operations.
Tools and Strategies to Address Modern Attacks
Agencies adapting their cybersecurity strategies to these new threats have some useful tools at their disposal. One of the most effective of these tools is the National Institute of Standards and Technology’s Risk Management Framework, which provides a model for integrating cybersecurity activities into routine management activities. The document provides a high-level framework for these activities while referencing other NIST special publications that provide additional implementation details.
With regard specifically to insider threats, the interagency National Insider Threat Task Force developed an Insider Threat Program Maturity Framework designed to assist agencies in assessing the effectiveness of their own insider threat programs. The framework serves as a useful guide for agencies to assess the effectiveness of their own insider threat controls.
Organizations also have numerous technology solutions that can help them to safeguard their systems and data from threats, both within and outside the organization. These include network access control solutions, security assessment tools, email security solutions and endpoint security products.
A New Tool for Cybersecurity
CDW has also developed a proprietary solution to help agencies and other organizations protect their data. This solution, the Security Management Infrastructure (SMI), helps agencies combat insider threats and other serious cybersecurity risks by providing them with an integrated stack of security technologies designed to work together to meet specific security needs. This approach seeks to achieve continuous monitoring of an agency’s security environment, allowing prompt detection and response to cybersecurity risks.
SMI relies on a resilient computing solution that can be deployed either on-premises or in a virtual cloud, and that supports a virtualized platform upon which other components reside. The nerve center of these components is a security information and event management (SIEM) package that receives information from other SMI components, correlates those reports and provides real-time reporting on the organization’s security status. The SIEM tool integrates with other components, such as virus detection, change management, application management and other security tools. These components can be deployed flexibly to meet an organization’s specific needs.
As agencies and other organizations take steps to keep pace with evolving cybersecurity threats, including insider attacks and advanced persistent threats, they’ll need to adapt with new strategies and advanced solutions.
This blog post brought to you by: