New CISA Tool Helps Organizations Assess Insider Threat Risks

The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture.

Suitable for organizations in both public and private sectors, the Insider Risk Mitigation Self-Assessment Tool provides users with feedback based on responses to a series of questions.

Furthermore, the tool aims to deliver a better understanding of the nature of insider threats, to help users start their own prevention and mitigation programs.

As CISA points out, insider threats represent a major risk to any organization due to the fact that knowledge and trust are placed in the hands of the adversary, which could be an employee, a contractor, or other individuals who have inside knowledge.

A malicious insider could compromise sensitive information, steal intellectual property, or even physically harm people. The results of such an action include damage to the organization’s reputation, revenue loss, and reduced market share.

The Insider Risk Mitigation Self-Assessment Tool first assesses whether an organization has in place all the requirements for an insider risk program and whether employees have been trained on the risks associated with insider threats, and then attempts to identify whether the organization is well-positioned to respond to an insider threat.

“CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future,” said CISA Executive Assistant Director for Infrastructure Security David Mussington.

Related: CISA Adds Ransomware Module to Cyber Security Evaluation Tool

Related: CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts

Related: CISA Issues Guidance on Protecting Data From Ransomware