According to a senior official at the Cybersecurity and Infrastructure Security Agency (CISA), the serious dearth of ransomware incident reporting in the U.S. is hindering efforts by the government to protect organizations. Likewise, lack of reporting is making it harder for the government to take retaliatory actions against these threat actors.
Eric Goldstein, executive assistant director for cybersecurity at CISA, spoke about this ongoing problem this week. “A tiny fraction of ransomware infections are reported to the government and the problem is getting worse because we don’t even know what that actual number is. We have no idea the actual denominator of ransomware instructions that are occurring across the country on any given day,” said Goldstein. If more organizations reported cyber incidents, CISA would have more data, which would allow it to share indicators of compromise, unique infrastructure characteristics, unique TTPs, and specific CVEs used before attacks, according to Goldstein. Additionally, even reports of unsuccessful cyber incidents can offer rich technical data on how to defend against potential threats.
Despite the passage of a cyber incident reporting bill, Goldstein warned we cannot wait for the rules to come into effect. “We have to catalyze reporting of incidents now because that’s the only way that we’re going to actually get in front of this threat from a cyber defense context and enable the kind of targeted, rapid cost imposition that’s actually going to cause some real deterrence among these adversaries.” Read more at The Record.