The US Cybersecurity and Infrastructure Security Agency (CISA) has released a tool that will allow organisations to assess vulnerability to insider threats and create defence plans.
According to Bleeping Computer, the Insider Risk Mitigation Self-Assessment Tool will help public and private sector organisations to determine their risk posture by answering a series of questions about the requirements needed to set up an inside risk program management, the organisation’s insider risk environment and the level of insider risk awareness and training among employees.
The CISA tool will also look to simplify the understanding of the nature of insider threats to expedite the process of forming a prevention and mitigation program.
Insider threat risks – sometimes either malicious or accidental – can have a substantial impact due to the level of damage they can inflict on an organisation if not dealt with in due-time. They can be a current or former employee, a business partner or a third-party contractor commonly.
CISA detailed, “Consequences can include compromised sensitive information, damaged organizational reputation, lost revenue, stolen intellectual property, reduced market share, and even physical harm to people.”
CISA executive assistant director for infrastructure security David Mussington said, “While security efforts often focus on external threats, often the biggest threat can be found inside the organization.
“CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst