Report: Federal Workers, Contractors Behind Half of Government Cyber Breaches
schwit1 writes: Federal employees and contractors are unwittingly undermining a $10 billion-per-year effort to protect sensitive government data from cyberattacks, according to a published report. The AP says that workers in more than a dozen agencies, from the Defense and Education departments to the National Weather Service, are responsible for at least half of the federal cyberincidents reported each year since 2010, according to an analysis of records.
The statistic I have always heard is that 60% of intrusions are internal. So 50% of breaches coming from employees sounds about right. It's a lot easier to steal stuff if you have a key. And as we have learned again over the past 6 years or so, the best way to rob a bank is to own one.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
If you don't want to watch 4 unrelated videos at once, turn off autoplay before visiting the sites in the summary.
Also, you don't need to click both links, since they are the exact same story, word for word. One is the AP report, the other is the Fox News verbatim repost of the AP report.
Dear US military and federal contracting wanker-sphere,
I know you were 30 years late discovering this whole internet thing, so imagery and phrases from 1980s cyberpunk still sound super-duper-cutting-edge to you, but can you please stop using "cyber" as a catch-all for everything connected to computers? Thanks.
PS: When you leave a laptop full of citizens' private information on the bus, and a million people's social security numbers turn up on pastebin the next day, that's called "negligence", not "a cyberattack".
0 1 - just my two bits
All of it can be overcome by a janitor with a USB drive with penetration software.
Security culture is worse. Elaborate passwords. Two- or three-factor identification. Putting the security burden on the user in general. All you do is:
1) Inconvenience users and make productivity next to impossible.
2) Create an entire culture of employees who must, in order to get any work done, know how to hack their way into corporate systems from outside (I know of two ways. My IT guy knows about 6 entirely different ways), and frequently, inside.
The problem is that security guys get bonuses for reducing intrusions (as they count them). Everyone else gets bonuses for getting their work done and being productive, which frequently isn't something that ever gets on a spreadsheet.
And upper management, as usual, is too stupid, distracted with power politics and just plain pig-ignorant to understand this.
Please do not read this sig. Thank you.