The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that organizations can use to evaluate how effectively they are prepared to protect against and recuperate from a ransomware attack.
The threat due to ransomware has increased considerably over the last year. According to the Verizon Data Breach Investigations Report, 10% of cyberattacks currently involve ransomware. The SonicWall report states that since 2019, ransomware attacks had a 62% global expansion and a 158% surge in North America in the same time period. BlackFog forecasts that losses resulting from ransomware attacks will reach $6 trillion by 2021, compared to $3 trillion in 2015.
CISA added the Ransomware Readiness Assessment (RRA) audit module to its Cyber Security Evaluation Tool (CSET). With the desktop software tool CSET, network defenders are guided through a step-by-step procedure of evaluating their cybersecurity tactics for their operational technology (OT) and information technology (IT) networks. CSET may be utilized to conduct a thorough assessment of a company’s cybersecurity posture utilizing established government and industry specifications and recommendations.
The RRA could be employed to assess cybersecurity protection particularly associated with ransomware. CISA states the RRA tool was created for companies having different levels of cybersecurity maturity and will enable network defenders to examine their protection against known standards and best practice advice in an organized, disciplined, and replicable way.
The RRA helps asset owners and operators undergo a step-by-step process to assess cybersecurity practices versus ransomware threats and offers an analysis dashboard with charts and tables showing the findings of the assessment, in a summarized and specific format.
The RRA tool can be obtained from CSET. It ought to be downloaded first and properly installed. The installation file and information on setting up CSET and beginning the ransomware readiness assessment is accessible on the GitHub page here.
CISA is recommending that all companies should install the CSET tool and perform a Ransomware Readiness Assessment to check their cybersecurity protection.