Nearly One-Third of Feds Unable to Detect an Insider Intrusion, Survey Says

Federal employees might be overconfident about their IT systems' intrusion detection ability.

Almost one-third of federal IT professionals say they can't spot every unauthorized attempt to access files, a new survey finds. 

Tripwire, an endpoint security company, surveyed 103 federal IT professionals about their confidence in their organization's security. Of those, about 30 percent reported they couldn't track each nonprivileged user's access attempts. 

About 73 percent of respondents said they thought their organization had systems that would generate an email notification within hours of an intrusion -- but Verizon's most recent Data Breach Investigations Report suggests 70 percent of insider breaches could take weeks or years to detect.

Almost half of reported data breach incidents result from the misuse of privileged access to files, as well as nonmalicious events, that report found.

About 58 percent of federal respondents told Tripwire their technology could not pick up important details about incidents, including the location or the user's department, which would be essential to locating unauthorized actions on devices. 

And almost half -- 48 percent -- of respondents said it takes more than 15 to 30 days to fix vulnerabilities once detected. 

Employees retaining and abusing access to old credentials, even after they change roles, is often known as "authorization creep," according to Tripwire. Organizations concerned about cybersecurity should analyze authorized users' behavior, in addition to the attempts to access files that were denied, Tripwire's security research engineer Travis Smith said in a statement.