There was considerable discussion this past week in Houston at the American Petroleum Institute’s cybersecurity conference about what the inside threat means to the industry and one of the answers in resolving the issue is a well-trained security workforce, a new study found.
While malicious insiders are a significant concern, organizations are even more worried about the unintentional insider threat, according to the survey by the Fort Meade Alliance. While this report focused mainly on the government, you could apply the results across a spectrum of industries.
Government market research firm Market Connections Inc. conducted the online survey of 200 US federal government IT decision-makers to gauge their awareness and attitudes about a wide range of cybersecurity topics, including insider threat prevention.
More than half of respondents indicated that misuse is the top cyber threat to government agencies, according to the results of the survey. Concerns over misuse have risen significantly since 2012, from 40 percent to 52 percent.
The respondents also expressed concerns regarding phishing (49 percent), malware (47 percent), spam (42 percent) and data leakage (39 percent). In 2012, 59 percent feared malware attacks and 25 percent worried over cyber espionage, compared to 15 percent in 2013.
The survey results show that most respondents agree that lack of training is an obstacle to cyber threat prevention. While 70 percent of respondents say end users are aware of the security policies within their agencies, lack of cybersecurity training for employees and supervisors creates a significant obstacle to cyber threat prevention.
“Cybersecurity awareness training can help solve many of the challenges we face with protecting information technology assets and our government’s most sensitive information and mission-critical systems,” said Deon Viergutz, president of Ft. Meade Alliance and director of cyber operations for Lockheed Martin Information Systems and Global Solutions.
The survey also found defense agencies consider cybersecurity awareness training a greater priority than civilian agencies, with 71 percent of defense agencies indicating cybersecurity training is a top concern compared to only 55 percent of civilian organizations.
Overall, 61 percent of those surveyed named employee training as an investment priority with implementation of new policies (57 percent) close behind.