Resilience to Insider Risk

The threat from within

Consider this scenario: Someone charges a smartphone by plugging it into their work computer. Could this be a threat to key corporate assets? If that phone contains malware, such as a virus or ransomware, the answer could be yes. Imagine if this phone were connected to the network of an energy or water facility. What would be the impact?

This is only one scenario critical infrastructure organizations should consider when it comes to insider risk. The actions of individuals working within an organization can have potential impacts on systems and services. These actions could be intentional or unintentional, such as attaching a personal device to a system, accessing a restricted area, or disclosing sensitive information. Employee conduct can have damaging and long-lasting impacts for Canadian critical infrastructure organizations.

Improving resilience

Owners and operators of critical infrastructure organizations should take action to better protect themselves from insider risk. Public Safety (PS) Canada's guide on Enhancing Canada's Critical Infrastructure Resilience to Insider Risk includes eight security actions across three themes that can be used to strengthen the resilience of organizational assets and systems.

This guide was developed in collaboration with other government departments and private sector partners. PS encourages all organizations, no matter the industry, geography, or size, to consider implementing the security actions identified in the guide.

In addition to the guidance document, PS has developed the Insider Risk Assessment Tool (IRAT). Canadian critical infrastructure (CI) partners and stakeholders are encouraged to participate in this voluntary self-assessment to evaluate their organization’s security posture as it relates to insider risk. The resulting report, in conjunction with the Enhancing Canada’s Critical Infrastructure Resilience to Insider Risk document, provides participants with useful information and guidance to help increase their organization’s insider risk resiliency.

Contact us for additional information or to inquire about presentations on Insider Risk.

Video: Resilience to Insider Risk

Use this video within your own organization when developing insider risk programs.

Security Action Checklist

These eight recommended security actions can strengthen the resilience of organizational assets and systems.
