Security Roundup: RSA Wrap Featuring Optiv, eSentire, More

Written by Edward Gately
March 8, 2019

Careless insiders are a significant source of IT security threats in their agencies.

San Francisco is ground zero for the fight against cybercrime as more than 50,000 attendees, including MSSPs and other cybersecurity providers are at this week’s RSA Conference.

Cybersecurity providers are making the most of the event by announcing new products and services, as well as latest research on threats and strategies for fighting cybercriminals.

Among the announcements were new research by SolarWinds, Optiv’s new service, eSentire’s funding boost, Malwarebytes’ new management console for MSPs, and CrowdStrilke’s mobile device protection.

SolarWinds Gauges Federal Cybersecurity

When it comes to federal government cybersecurity, the risk posed by careless, untrained insiders and foreign governments is at an all-time high, and yet for the most part IT pros feel like their agencies are doing a good job with their IT security.

That’s according to SolarWinds‘ fifth Federal Cybersecurity Survey. In December and January, independent research firm Market Connections surveyed 200 IT security professionals in U.S. federal civilian and defense agencies on behalf of SolarWinds.

To discuss the findings, we spoke with SolarWinds “head geek” Destiny Bertucci.

SolarWinds’ Destiny Bertucci

“The government has traditionally ‘led the way’ when it comes to cybersecurity, paving the adoption of best practices like those outlined by the National Institute of Standards and Technology (NIST) framework,” she said. “However, as our newest federal cybersecurity study shows, the people piece of security is still the weakest link, despite the commitment to following these types of regimens.”

Fifty-six percent of respondents believe careless insiders are a significant source of IT security threats in their agencies, compared to 42 percent five years ago when SolarWinds first ran this survey.

“And much of this came from contractors,” Bertucci said. “This mostly centered around ‘oopsies’ like inadvertently sharing data or passwords. The government certainly isn’t alone in this challenge and the need for increased education and training is clear, in addition to more stringent monitoring and access rights management.”

In addition, perceived threats from foreign governments have gone up, with more than one-half (52 percent) of survey-takers calling them significant threats, compared to 34 percent five years ago. Nation-state actors are leveraging the democratization of technology like the rest of the bad guys, and the ability to effectively fight them is requiring more and more sophisticated approaches.

“MSSPs and cybersecurity providers can play a key role in helping to plug some of the gaps identified in the survey,” Bertucci said. “The shift to a hybrid IT environment is something we’re seeing more and more of across larger enterprises who are quickly realizing they need some help. In addition, it’s important to remember that many agencies operate much like a SMB, working with tight budgets and reduced staff. Partnering is an excellent model to ensure the most efficient and effective cybersecurity defenses.”

When it comes to contractors, about half of respondents agreed that better security training, multifactor authentication, restricted device use and better data/systems monitoring are needed to help reduce that risk, she said.

“This is where providers can come in to help deliver these types of services and technologies,” Bertucci said. “There’s always more to do because the challenges associated with cybersecurity aren’t going away. The best thing that cybersecurity partners can do to help protect government agencies is …