From the Inside Out
Government information technology managers shoring up their network and data security had best take a close look inside their organizations, warns the National Association of State CIOs.
The brief identifies five top sources of insider threats:
- malicious employees;
- inattentive, complacent or untrained employees;
- contractors and other providers of outsourced services;
- insufficient IT security, compliance, oversight, authority and training; and
- the pervasiveness of technology.
Government information technology managers shoring up their network and data security had best take a close look inside their organizations, warns the National Association of State CIOs.
In a recent research brief, “Insider Security Threats: State CIOs Take Action Now,” NASCIO cautions that government agencies may be in more jeopardy from inside threats than companies face from their employees. The reason: Government employees must be mindful of security concerns while working in an environment that stresses transparency.
NASCIO notes that the widespread use of technology makes it difficult to protect against every potential vulnerability.
The brief offers advice on how to protect against the threats. Some of its recommendations include running background checks for new employees, stepping up security training, and monitoring access to networks and data repositories.
“You inherently trust employees, but state governments possess an incredible amount of information on everybody, some that people don’t give voluntarily as they would in the private sector. We have a responsibility to protect it in every way, inside and out,” says Nebraska CIO Brenda Decker, co-chairwoman of the NASCIO Security and Privacy Committee.
Inside attacks have the potential to be the most dangerous to an agency, says Mary Gay Whitmer, NASCIO’s senior issues coordinator. “Insiders are already within the firewall and within the system. Someone with malicious intent, especially with technical knowledge, can cause real damage.”
To read the full brief, visit www.nasico.org and click on Publications & Research.