Public and private industry companies have a new tool for evaluating how vulnerable they are to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created the new Insider Threat Risk Mitigation Self-Assessment Tool to help end-users increase their knowledge about insider threats and create prevention and mitigation plans.
In the healthcare industry, security efforts are usually invested in the system perimeter and in blocking external threats. However, insider threats may be equally harmful, if not more so. Insiders could steal sensitive data for monetary profit, take data to give to their next company, or misuse their privileged access and cause substantial problems.
Insider breaches could cause big problems for companies, including reputational ruin, loss of earnings, theft of intellectual property, decreased market share, and possibly physical injury. CISA states insider threats could include present and past employers, providers, or other people with inside knowledge of a company. The threat posed by insiders could be substantial because of the knowledge those people have about a company and the fact that they are respected and have privileged access to systems and sensitive information.
Big companies may perform risk assessments and set up measures to offset insider threats. Small- and medium-sized companies, however, seem to have restricted resources and might not have evaluated their risk level, so they will most probably benefit from using the new tool.
The tool consists of a sequence of questions that determine the company’s level of vulnerability to insider threats. It then gives users responses to help them create suitable mitigations that protect against insider threats and reduce the threat to a low and tolerable level.
CISA encourages all partners, particularly small and medium organizations that might have restricted resources, to make use of this new tool to create a strategy to protect against insider threats. Undertaking a number of small steps now can make a big impact in stopping or decreasing the effects of an insider threat down the road, according to David Mussington, CISA Executive Assistant Director for Infrastructure Security.