Biggest source of DOD’s cyber threats: inept co-workers by Kevin McCaney.
From the post:
Defense Department IT professionals are nearly as concerned about internal threats as they are external hacking of their networks — and most concerned about careless or poorly trained insiders as a source of threats, according to a recent survey by SolarWinds, an IT management software provider.
In the survey, which addressed cybersecurity threats and preparedness across the federal government, 41 percent of DOD respondents named insider data leakage/theft as a threat, not far below the 48 percent who identified external hacking.
And although those responses may have come with the disclosures of Edward Snowden and Chelsea Manning in mind, it seems inept co-workers, rather than intentional leakers, are the biggest concern. Fifty-three percent of DOD respondents cited careless/untrained insiders as a source of security threats, more than foreign governments (48 percent), terrorists (31 percent) or the general hacking community (35 percent). Malicious insiders weren’t left out, however, being cited by 26 percent of respondents.
At first blush, this post seems to support the Torkington Conjecture I posted about recently: that “stupid” users are the cause of computer security woes.
Actually, if computer systems were designed with security in mind, even “stupid” users would not be the source of security breaches.
For example, take the classic case of a user posting their passwords on sticky notes to their monitor. Very, very bad practice. Yes?
OK, but if the network is configured to allow access by that user during specified hours and only from their computer, what do you think the odds are of an unknown hacker sitting at their computer trying to hack the system?
If you don’t plan for security, it should come as no great surprise that you have no security.
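The hours-and-workstation restriction described above, sketched as an added example that is not part of the original post. The user names, host names, and policy values are hypothetical, and it assumes the network can reliably identify the source workstation rather than trusting a self-reported name.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class LogonPolicy:
    workstation: str        # the only host this account may log on from
    start: time             # start of allowed window (inclusive)
    end: time               # end of allowed window (exclusive)
    weekdays: frozenset     # allowed days, 0 = Monday

# Hypothetical policy: one user, one desk machine, office hours only.
POLICIES = {
    "alice": LogonPolicy("WS-ALICE-01", time(8, 0), time(18, 0),
                         frozenset({0, 1, 2, 3, 4})),
}

def evaluate(user, source_host, when, policies=POLICIES):
    """Decide a logon attempt that already presented a VALID password."""
    policy = policies.get(user)
    if policy is None:
        return False, "no-policy"            # default deny
    if source_host.lower() != policy.workstation.lower():
        return False, "wrong-workstation"    # password used from elsewhere
    if when.weekday() not in policy.weekdays:
        return False, "outside-days"
    if not (policy.start <= when.time() < policy.end):
        return False, "outside-hours"
    return True, "ok"

def review(events, policies=POLICIES):
    """Return denied attempts; each one is a correct password used out of policy."""
    denied = []
    for user, host, stamp in events:
        allowed, reason = evaluate(user, host, datetime.fromisoformat(stamp), policies)
        if not allowed:
            denied.append((user, host, stamp, reason))
    return denied

# Constructed sample events (not real logs): (user, source host, timestamp).
SAMPLE_EVENTS = [
    ("alice", "WS-ALICE-01", "2014-03-03T10:15:00"),  # Monday, at her desk
    ("alice", "VPN-POOL-17", "2014-03-03T10:20:00"),  # right password, wrong host
    ("alice", "WS-ALICE-01", "2014-03-04T02:30:00"),  # right host, 02:30
    ("alice", "ws-alice-01", "2014-03-08T11:00:00"),  # Saturday
    ("bob",   "WS-ALICE-01", "2014-03-03T10:30:00"),  # account with no policy
]

if __name__ == "__main__":
    for row in review(SAMPLE_EVENTS):
        print(row)
```

Every denied row is a valid password presented from the wrong place or at the wrong time, which also makes it a useful alert. The only attempt that passes is the one made at the user's own desk during working hours.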