November 12, 2015 | By Douglas Bonderud

External cyberthreats are on their way up. Just ask Target or the host of other companies that have been victimized by malicious actors. Government agencies aren’t immune: As noted by Wired, more than 5.5 million fingerprint records were recently stolen from federal employees. But according to a new memorandum from the Office of Management and Budget (OMB), the risk of an insider threat is also growing, even though it is often overlooked. How do government CIOs and CISOs get a handle on extracurricular employee activities?

The Risk of an Insider Threat

While it’s easy to point the finger at external actors as the biggest problem in an organization’s cybersecurity plan, employees are often a far greater threat — some by malice, some through frustration and some purely by accident. SC Magazine recently spoke with RSA Chief Security Architect Rashmi Knowles, who argued that “people are the new perimeter” because, despite the growing number of malicious actors and easily accessible malware, “the weakest link in the chain is all of us.”

Data backs up the claim: SC Magazine noted that a Verizon study found that human error played a critical role in 66 percent of all network breaches. The problem? An insider threat is often seen as less serious than its external counterpart since it’s usually accidental or a one-off act committed by recently fired or chastised employees.

In a government setting, however, there’s a much higher likelihood that employees will have access to personal and confidential data, meaning that even an accidental data breach — such as losing a laptop or using a cloud service that isn’t approved by IT admins — could have serious consequences.

The same holds true for recently terminated employees. If IT admins don’t terminate network access quickly enough, the results could be disastrous. CSO Online, reporting on a recent Symantec survey, noted that 45 percent of federal departments were targeted by insider threats over the past year, with 29 percent losing data as a result.

Law of the Land?

Government agencies are waking up to the prospect of insider threats. The Symantec survey found that 76 percent of respondents have increased their focus on combating these threats over the last year and 55 percent already have a formal insider threat program in place. As noted by The Hill, legislation is also in the works to limit the risk of insider attacks. Homeland Security already has a new mandate from the House “to establish a program to identify and mitigate insider threats from rogue employees.”

The OMB’s plan, meanwhile, focuses on a combination of stronger identity and access management (IAM) through the use of personal identity verification cards along with improved employee training. Ken Durbin, the unified security practice manager for Symantec, noted that “training is most effective to better understand and prevent unintentional threat risks.”

CIOs and CISOs of government agencies now face a dual threat: external actors looking to steal agency data and internal personnel accidentally or deliberately exposing the department to greater cyber risk. A combination of legislation, authentication and training may help mitigate the problem, but there’s a higher-level takeaway here: Threats are threats regardless of origin or intention. Government security frameworks must be prepared to take on all comers.
