September is National Insider Threat Awareness Month – A month dedicated to raising awareness of the risks posed by malicious insiders and to emphasize the importance of detecting, deterring, and reporting insider threats.
National Insider Threat Awareness Month (NIATM) is a collaborative effort between several security agencies in the United States including the Department of Homeland Security Cybersecurity and infrastructure Security Agency (CISA), National Insider Threat Task Force (NITTF), National Counterintelligence and Security Center (NCSC), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), and Defense Counterintelligence and Security Agency (DCSA).
NITTF defines insiders as “any person with authorized access to an organization’s resources to include personnel, facilities, information, equipment, networks, or systems”. The threat involves an insider using their authorized access to do harm to the organization, either deliberately or accidentally. Actions or errors could result in financial harm, prevent an organization from engaging in normal business practices, cause damage to hardware and software, and result in the deletion or theft of business-critical data or intellectual property.
Insider threats have made America less safe by giving adversaries access to highly sensitive information. NIATM was devised in 2019 to raise awareness of the risk posed by insider threats and provide practical advice on how the risk can be reduced. This year, NIATM is focused on improving resilience.
“Resilience is an intangible quality that allows us to face adversity and come back at least as strong as before,” explained the Director of the National Counterintelligence and Security Center. This month, NIATM will promote personal and organizational resilience to mitigate risks posed by insider threats.
Several resources have been made available to help organizations improve resilience and mitigate insider threats. These include games, videos, posters, and graphics to encourage awareness of insider threats in your organization, case studies and scenarios based on real-world examples of insider threats, and practical advice on establishing an insider threat program, protecting assets, recognizing the signs of insider threats, reporting threats, and assessing risk and responding to an insider threat.
The resources can be accessed on this link.