CISA insider-threat warning comes with an ironic twist • The Register

https://www.theregister.com/2026/01/29/cisa_insider_threat_guidance/

Publish Date: 2026-01-29 18:19:00

opinion Maybe everything is all about timing, like the time (this week) America’s lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.

Or maybe it’s about hypocrisy.

Either way, on Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) called insider threats “one of the most serious risks to organizational security.” It urged critical infrastructure entities to “take decisive action” to mitigate threats from both malicious insiders and honest mistakes, and to help them do that, CISA published an infographic [PDF] with guidance on how to assemble a multi-disciplinary insider threat management team.

The team should include subject-matter experts from across the organization, such as human resources personnel, legal counsel, security and IT leadership, and threat analysts, and should coordinate with external partners – including law enforcement and other risk and health professionals – as needed.

These team members run the organization’s insider threat program, monitor for potential threats, and intervene as needed to (hopefully) prevent any damage to the company’s people, data, reputation, and bottom line, the guide says.

Plus, CISA offers several other free resources on this topic, such as an insider threat mitigation guide, a workshop, and a program evaluation tool.

“Insider threats remain one of the most serious challenges to organizational security because they can erode trust and disrupt critical operations,” acting CISA Director Madhu Gottumukkala said in a statement announcing the guidance.

This is a topic that Gottumukkala knows well – one could even say he has insider knowledge about these types of threats.