The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats.
Insider threats pose a severe risk to organizations, the attacks are carried out by current or former employees, contractors, or others with inside knowledge, for this reason they are not easy to detect.
An attack from insiders could compromise sensitive information, cause economic losses, damages the reputation of the organization, theft of intellectual property, reduction of market share, and even physical harm to people.
The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats.
“The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat. By answering a series of questions, users receive feedback they can use to gauge their risk posture. The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.” reads the announcement published by CISA.
The tool allows organizations to create their own programs to prevent and mitigate insider threats.
“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said David Mussington, CISA’s Executive Assistant Director for Infrastructure Security. “CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”
CISA provides further info and tools to mitigate insider threat risks that are available on its website.
In easily July, the US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET).
RRA could be used by organizations to determine their level of exposure to ransomware attacks against their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.
(SecurityAffairs – hacking, insider threats)