CISA Releases Tool To Help Orgs Fend Off Insider Threat Risks
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks.
The Insider Risk Mitigation Self-Assessment Tool helps orgs determine their risk posture by answering a series of questions about the requirements for setting up insider risk program management, the levels of insider risk awareness and training among employees, and the organization’s insider risk environment.
The tool also makes it easier to understand the nature of insider threats, which expedites the process of creating a prevention and mitigation program.
“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said David Mussington, CISA’s Executive Assistant Director for Infrastructure Security.
“CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”
Insider threats, whether malicious or accidental, can inflict significant damage on an organization if they are not detected and blocked in time.
Typically, an insider threat is a current or former employee, a third-party contractor, or a business partner who has (or had) access to an organization’s network and/or data and uses that access in ways that harm the organization, whether maliciously or unwittingly.
“Consequences can include compromised sensitive information, damaged organizational reputation, lost revenue, stolen intellectual property, reduced market share, and even physical harm to people,” CISA added.
Further info and tools to mitigate insider threat risks can be found on CISA’s infrastructure security website.
In June, the federal agency also released a ransomware self-assessment security audit tool which helps orgs assess how well they are equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.