Maurice Uenuma, VP & GM, Americas, Blancco, says the ongoing shake-up and restructuring across many US federal agencies increases the potential for data breaches and security vulnerabilities.
The state of cybersecurity remains tenuous with the ongoing proliferation of nation-state threat actors, hackers-for-profit, and now, disruption within US federal agencies.
CrowdStrike reports that China-nexus bad actors surged by 150% in 2024, with some targeted industries suffering 200-300% more attacks than in the previous year. CISOs must maintain a vigilant, 360-degree approach that includes ongoing mitigation of dangerous insider threats to corporate data and personally identifiable information (PII).
The real impact of insider threats
A March 2025 report from Mimecast claims that 95% of all data breaches in 2024 were driven by insider threats, credential misuse and/or user-driven errors.
One of the most egregious examples of how insider threats can expose sensitive data is illustrated by a recent case reported by the US Attorney’s Office in February 2025. An ITAD employee stole and then sold hundreds of US government-owned devices before they could be properly disposed of. Court documents explain how the employee and his cohorts stole IT assets worth thousands of dollars and then offered the stolen equipment to resellers, providing fake proof of data erasure and destruction to unsuspecting buyers.
The ongoing shake-up and restructuring across many US federal agencies also puts our government agency data at risk. While an exact count of federal employees who have retired, been fired, or been laid off remains elusive, Newsweek and other media sources estimate that up to 225,000 federal workers have been impacted. Some have been rehired, but the situation is very fluid, which has increased the potential for data breaches and security vulnerabilities, including the susceptibility of disgruntled former employees to espionage and other nefarious activities.
Recent reporting confirms the lack of attention to securing the data on government-owned devices: IRS employees returning to the office were told to, “…secure their laptops and equipment in secure locations, such as via cable lock to a permanent furniture fixture, locker or designated storage area.”
This lax attention to the IT asset chain of custody is a serious concern and could become a potential boon for cyber criminals who are closely watching what’s going on in the US and hoping to take advantage of the chaos.
Effective policies to mitigate insider threats
Most organizations have security plans and policies in place to decrease the potential for insider threats. No policy will guarantee immunity to data breaches and IT asset theft, but CISOs can make sure their policies are being executed through routine oversight and audits. Best practices include access control and least privilege, which ensure that employees, contractors and all internal users only have access to the data and systems necessary for their specific roles.
Regular employee training and awareness programs are also critical. Training sessions are an effective means to educate employees on security best practices such as how to recognize phishing attempts, social engineering attacks and the risks associated with sharing sensitive information. Employees should be trained in how to report suspicious activities – and there should be a defined process for managing these reports.
Beyond the security controls noted above, those that govern the IT asset chain of custody are crucial to mitigating the fallout of a breach should assets be stolen by employees, former employees or third parties.
The IT asset chain of custody refers to the process that tracks and documents the physical possession, handling, and movement of IT assets (such as laptops, smartphones, servers, or storage devices) throughout their lifecycle. A sound program ensures that there is a clear, auditable trail of who has access to and controls the asset at any given time. It is crucial for maintaining accountability and preventing unauthorized access to or tampering with sensitive equipment.
Three important measures to manage the asset chain of custody include:
- Device inventory and registration: IT assets should be inventoried and registered upon receipt, with detailed information such as the device serial number, type and assigned user. This enables each device to be tracked throughout its lifecycle and establishes clear accountability and responsibility for each asset.
- Asset movement and tracking: Procedures that track the movement of devices, including a log of where each device has been and who has had custody of it at each point in time, are important, and especially so for mobile devices used by remote and traveling employees.
- Device handling and disposal: Policies should also govern the chain of custody when electronics are sent out for repair or when assets are decommissioned. Decommissioned assets should be properly sanitized of all data before being destroyed or sold on the secondary market, to prevent data loss.
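One way to turn the three measures above into an auditable record, added here as an example and not code from the article or from Blancco: a hash-chained custody ledger (an assumed design) that registers the device on receipt, refuses a hand-off by anyone who is not the custodian of record, and refuses disposal unless a sanitization record with a certificate id was logged after the last custody change, so a bare "proof of erasure" with no matching custody entry does not pass. Serial numbers, user names and certificate ids are constructed.

```python
import hashlib
import json

class CustodyLedger:
    """Hash-chained custody log for one IT asset (assumed design, not a vendor API).
    Each entry commits to the previous hash, so altering an earlier record fails verify()."""
    CUSTODY_EVENTS = ("register", "transfer")

    def __init__(self, serial, device_type, assigned_to):
        self.serial, self.device_type, self.entries = serial, device_type, []
        self._append("register", assigned_to, {"type": device_type})  # inventory on receipt

    @staticmethod
    def _digest(rec):
        body = {k: v for k, v in rec.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _append(self, event, actor, detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        rec = {"serial": self.serial, "event": event, "actor": actor, "detail": detail, "prev": prev}
        rec["hash"] = self._digest(rec)
        self.entries.append(rec)
        return rec["hash"]

    def current_custodian(self):
        # The custodian of record is the actor of the latest register/transfer event.
        for rec in reversed(self.entries):
            if rec["event"] in self.CUSTODY_EVENTS:
                return rec["actor"]

    def transfer(self, from_user, to_user, location):
        if self.current_custodian() != from_user:  # only the custodian may hand the device on
            raise ValueError(f"{from_user} is not the custodian of record")
        return self._append("transfer", to_user, {"from": from_user, "at": location})

    def sanitize(self, technician, method, certificate_id):
        return self._append("sanitize", technician, {"method": method, "cert": certificate_id})

    def dispose(self, actor, channel):
        # Sale or destruction requires a sanitize record logged after the last custody change.
        last = max(i for i, r in enumerate(self.entries) if r["event"] in self.CUSTODY_EVENTS)
        if not any(r["event"] == "sanitize" for r in self.entries[last + 1:]):
            raise ValueError("no data sanitization recorded under the current custodian")
        return self._append("dispose", actor, {"channel": channel})

    def verify(self):
        # Recompute every digest and check each entry points at its predecessor's hash.
        prevs = ["0" * 64] + [r["hash"] for r in self.entries[:-1]]
        return all(r["prev"] == p and self._digest(r) == r["hash"] for r, p in zip(self.entries, prevs))
```

An auditor replays verify() over the exported entries; a ledger that fails it, or a resale record with no preceding sanitize entry, is the signal to stop the sale and investigate.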
Conclusion
CISOs are responsible for safeguarding their organization’s information and IT infrastructure from both internal and external threats – including implementing and monitoring the execution of security policies that mitigate insider threats and ensure proper IT asset chain of custody. These policies are an important part of a holistic security program and essential for maintaining control over sensitive data and devices, reducing the risk of internal misuse or theft and ensuring a clear audit trail for devices – from procurement to end-of-life.