Maybe CISA should take its own advice about insider threats hmmm?

opinion Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.

Or maybe it's about hypocrisy.

Either way, on Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) called insider threats "one of the most serious risks to organizational security." It urged critical infrastructure entities to "take decisive action" to mitigate threats from both malicious insiders and honest mistakes, and to help them do that, CISA published an infographic [PDF] with guidance on how to assemble a multi-disciplinary insider threat management team.

The team should include subject-matter experts from across the organization, such as human resources personnel, legal counsel, security and IT leadership, and threat analysts, and should coordinate with external partners - including law enforcement and other risk and health professionals - as needed ...