Slashdot Mirror


Report: Federal Workers, Contractors Behind Half of Government Cyber Breaches

schwit1 writes Federal employees and contractors are unwittingly undermining a $10 billion-per-year effort to protect sensitive government data from cyberattacks, according to a published report. The AP says that workers in more than a dozen agencies, from the Defense and Education departments to the National Weather Service, are responsible for at least half of the federal cyberincidents reported each year since 2010, according to an analysis of records.


  1. About right by kilfarsnar · Score: 4, Interesting

    The statistic I have always heard is that 60% of intrusions are internal. So 50% of breaches coming from employees sounds about right. It's a lot easier to steal stuff if you have a key. And as we have learned again over the past 6 years or so, the best way to rob a bank is to own one.

    --
    "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    1. Re:About right by khasim · Score: 3, Interesting

      It doesn't even have to be that intentional. From TFA:

      They have clicked links in bogus phishing emails, opened malware-laden websites and been tricked by scammers into sharing information.

      One was redirected to a hostile site after connecting to a video of tennis star Serena Williams.

      People are usually the weakest link in a security system.

      And it does not sound like that security system is very well designed in the first place.

  2. Re:It's a problem, but not just the feds: by mysidia · Score: 3, Interesting

    Businesses (hey there Home Depot!) won't implement basic security measures to prevent data theft. Data security is a serious issue that needs to be addressed.

    Yes... PCI was a start, but we need new regulations; first of all, businesses should be liable for costs to consumers resulting from breaches. There should also be a statutory liability for not being able to prove to within certain standards to consumers and independent auditors that their information is secure and has not been leaked.

    In the event a customer's information gets leaked, the burden of proof should rest on the business.

    And companies that collect SSNs or other PII that can be used to conduct ID theft should be required to take out an insurance policy to cover at least a portion of their potential liability.

    They should be required to have 3rd party independent oversight, and there should be a fine for failures to comply, money which should be distributed to the affected customers, AND there should be a bounty for the company overseeing them spotting an error.