Inside Out: Cyber Threats from all Directions

Summer’s almost over. But hackers never go out of season.

IRS. OPM. Cyberattacks on Federal networks are a big deal and require a lot of attention – and budget – from agency CIOs. Federal CIO Tony Scott mandated over the summer that agencies shore up their networks, policies, and procedures to defend their networks from cyberattacks.

But have cyberattacks also caused agencies to ignore the insider threat and data protection?

A new report from MeriTalk, “Inside Job: The Federal Insider Threat Report,” illustrates the ongoing danger from insider threats.

In the past year, 45 percent of Federal IT managers say their agency has been a target of an insider incident, and nearly one in three (29 percent) say their agency has lost data to an insider incident during that same period, according to the report.

So, why does the problem exist?

Agencies aren’t always helping themselves, according to the report:

  • 46 percent of agencies employ two-factor authentication across the agency
  • 40 percent use endpoint encryption agency-wide
  • 39 percent offer employees annual, in-person security training

When it comes to data, the findings are more startling:

  • 45 percent of agencies can’t tell whether a document has been shared appropriately
  • 40 percent of Federal IT managers say unauthorized employees access information they shouldn’t at least weekly
  • 34 percent of agencies can’t tell what data they lost

Federal IT managers can do more to educate employees and protect their agency’s data:

  • 65 of Federal IT managers say it is common for employees or contractors to email documents to personal accounts
  • 51 percent say it is common for employees or contractors not to follow appropriate protocols

The good news? Awareness of insider threats has increased – 76 percent of Federal IT managers say their agency is more focused on insider threats than they were a year ago.

The Federal Cybersecurity Sprint helped improve security by increasing the use of security measures like two-factor authentication. But that was about shoring up problems with network access, not about protecting data.

So agencies still have work to do – inside and out – to make sure their data remains safe. All year around.

Read the full report for more details.

And let us know – does your agency have a formal insider threat program?


Feel like sharing something Noteworthy? Post a comment below or email me at

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.