The Cybersecurity and Infrastructure Security Agency (CISA) has a new cybersecurity resource for critical infrastructure and government entities to prevent, detect, and mitigate insider threats.
The infographic resource aims to address two forms of insider threats: calculated acts of harm and unintentional mistakes.
“Malicious insiders may exploit access for personal gain or revenge, causing severe damage to systems and trust,” CISA said in a Jan. 28 press release. “At the same time, negligence or simple human errors can open the door to vulnerabilities that adversaries can exploit.”
“Whether driven by intent or accident, insider threats pose one of the most serious risks to organizational security and resilience- demanding proactive measures to detect, prevent and respond,” CISA continued.
The resource’s main recommendation is for entities to assemble a multi-disciplinary insider threat management team to oversee an organization’s insider threat program. Those teams should include staff with varied expertise to be most effective, CISA said.
CISA said that by following guidance in the infographic, insider threat management teams can reduce vulnerabilities, prevent workplace violence, and reinforce defenses against evolving threats.
“Insider threats remain one of the most serious challenges to organizational security because they can erode trust and disrupt critical operations,” Madhu Gottumukkala, acting CISA director, said in a statement.
“CISA is committed to helping organizations confront this risk head-on by delivering practical strategies, expert guidance, and actionable resources that empower leaders to act decisively – building resilient, multi-disciplinary teams, fostering accountability, and safeguarding the systems Americans rely on every day,” he added.