BACKGROUND:
The Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>The release by CISA of the Ransomware Readiness Assessment (RRA) for its Cyber Security Evaluation Tool (CSET) gives asset owners a useful framework to assess their security posture against modern ransomware operations.</p>
<p>CSET, in particular, was thought with both information technology (IT) and industrial control system (ICS) networks in mind, such that defenders can gather a holistic view of the status quo. </p>
<p>As we’ve witnessed with the Colonial Pipeline incident, depending on the particularities of the organization targeted by a ransomware attack, the business can be brought to a halt even if the OT network is defended successfully.</p>
<p>For this very reason having a comprehensive understanding of the overall security, posture is the key to maintaining a secure business in the face of today’s threats.</p>
<p>Ransomware has and continues to cause significant outages, including impacting supply-chain. The Colonial Pipeline, which provides gasoline to nearly 50% for the East Coast, ransomware attack required the company to shut down operations for several days causing panic-buying, shortages, and price spikes in some states. Thus having an assessment tool that lets OT and IT organizations get visibility and insights into their cybersecurity readiness when it comes to ransomware is very valuable.</p>
<p>Ransomware represents a rapidly growing threat as attackers target organizations for money. Many organizations, whether government entities, large enterprises, or small or nonprofit businesses are being locked out of their systems and data, unable to do their work, unless they make a payment to the attackers. Sometimes the ransom can amount to millions of dollars, and many pay it rather than risk losing their business.</p>
<p>Most organizations have only a limited understanding of how attackers target their systems and networks, and what they need to do in order to better protect themselves. CISA’s new CSET Ransomware Readiness Assessment tool can help organizations assess the vulnerability of their systems to ransomware attacks, and to identify areas that can be improved.</p>
<p>But auditing your systems is only the first step of the process. Organizations using a data analytics approach to security are able to identify anomalous behaviors in real-time, and stop attackers before they have a chance to lock out legitimate users and administrators. Constant vigilance and monitoring are essential to ensure that companies can continue to operate under the threat of external attacks.</p>
<p>CISA\’s new toolset is a solid approach to preparing and hardening systems against cyber threats. Using tools like the RRA for self-assessment can help organizations fast-track their planning. </p>
<p>Systems are only half of the solution. Preparing corporate cyber teams should be a parallel, high priority. Like CISA\’s RRA, the industry has tools to assess talent pipelines and help prepare multi-dimensional teams as well as understanding how well the current teams are balanced and ready for detecting and responding to attacks. </p>
<p>The industry would be best served to test systems and teams together, to ensure the strongest protections are being developed and put into production to ensure continuity of business operations and protection of high-value assets.</p>
<p>It’s great to see CISA continue to offer not only leadership, but actionable tools to help cybersecurity professionals deal with current threats. While these tools are commonly presented as being tailored for critical infrastructure, it’s important to remember that they are equally applicable to any business. Ransomware is a serious and active threat to many industries. The best steps for dealing with ransomware and similar threats are rooted in cybersecurity and IT fundamentals and best practices.</p>