CISA’s New Tool for Assessing Insider Threats

Public and private sector organizations can use a new tool to assess how vulnerable they are to insider threats. This newly-released Insider Threat Risk Mitigation Self-Assessment Tool developed by the Cybersecurity and Infrastructure Security Agency (CISA) can help users know more about insider threats and make protection and mitigation strategies.

In the healthcare sector, security initiatives are typically devoted to the system perimeter and stoppage of external threats, nonetheless, insider threats are just as harmful, perhaps much more. Insiders can steal sensitive information for monetary gain. They could take the stolen data to their next employer, or abuse their allocated access and cause big problems.

Companies can face big problems, including reputation damage, loss of revenue, stealing of intellectual property, lower market share, and potentially physical harm, due to insider breaches. CISA explains that insider threats may include current and former employers, service providers, or other individuals that got inside knowledge about an organization. The threat from insiders may be sizeable considering their knowledge with regards to an organization and the fact they are recognized and were given authorized access to systems and sensitive data.

Big organizations probably conduct risk checks and established procedures to counteract insider threats. However small- and medium-sized organizations have limited resources and may not be able to assess their risk level. They will definitely benefit from using the newly released tool.

The tool has a series of questions that will be used to assess the level of vulnerability of a company to insider threats. The users will receive responses to help them in setting up appropriate mitigations to safeguard the company against insider threats and lessen the risk to a low, reasonable level.

CISA urges all partners, especially small and medium establishments with limited resources, to try using this new tool in order to set up a plan to control insider threats. Undertaking several small actions today can have a big effect with regards to stopping or reducing the outcomes of an insider threat, later on, stated CISA Executive Assistant Director for Infrastructure Security David Mussington.