A recent survey has established that federal workers have access to more IT systems and applications than they actually need; in addition, people working in the more sensitive systems are often unmonitored.
According to the Dell report, of the 150 federal IT professionals participating in the survey, 92% said that employees within the organisation had access to information that they did not need in order to do their job; just 47% said that they monitored or logged all privileged or administrative access, whilst only 45% confirmed they logged some access.
A principal focus of a ‘cybersecurity sprint’ launched over the summer by the Office of Management and Budget was identifying privileged users and cracking down on personal identity verification (PIV) as a response to recent breaches. Whilst access management has improved, the monitoring and logging of access once a user has been given entry has not.
Paul Christman, Vice President of Federal for Dell Software, said: “We are getting better at knowing you are who you say you are, but we’re not getting better at controlling what you do, once you’ve established who you are.”
89% of survey participants said better control of privileged or administrative accounts would reduce security breach risks, but only 76% of non-US federal respondents agreed in a broader global survey, whilst just 19% would change privileged and administrative passwords on mission-critical devices and systems every 30 days.
Dell’s survey was conducted prior to the cybersecurity sprint; however, better results are unlikely today, said Christman. Recent work by agencies on multifactor and PIV authentication is a step forward but protects only against specific threats.
Christman added: “I’m concerned that people are going to claim victory on the whole strong authentication and multifactor authentication. And we’re just going to say ‘mission accomplished’.”
He explained that improvements were needed and laid the groundwork for privileged session management and monitoring. Agencies have now worked hard on authentication, and are exploring how much more needs to be accomplished in order to reduce the risk from the ‘disgruntled insider’.