The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to an insider threat by answering a series of questions.
Insider Risk Mitigation Self-Assessment Tool also allows users to gain deeper understanding of the nature of insider threats and take steps to create their own prevention and mitigation programs.
“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said CISA Executive Assistant Director for Infrastructure Security David Mussington. “CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”
“Insider threats can come from current or former employees, contractors, or others with inside knowledge, and the consequences can include compromised sensitive information, damaged organizational reputation, lost revenue, stolen intellectual property, reduced market share, and even physical harm to people,” the security agency said.
Earlier this week, CISA and NSA released a guidance to help organizations address the potential security risks associated with using Virtual Private Networks (VPNs).