More than 800 vulnerabilities resolved through CISA ransomware notification pilot
The Record
|
Contributed by: Drex DeFord
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has reported positive outcomes from its Ransomware Vulnerability Warning Pilot program, launched in January 2023, aimed at notifying organizations about vulnerabilities in their internet-connected devices potentially exploitable by ransomware attackers. This initiative, a response to cyber incident reporting legislation signed by President Joe Biden in 2022 and executed by the Joint Ransomware Task Force (co-led by CISA and the FBI), has made significant strides by alerting 1,754 organizations last year, leading to remedial actions in nearly half of these cases. The program focuses on a wide range of sectors, with a significant number of notifications sent to government facilities and healthcare organizations, and has been instrumental in reducing risk exposure by targeting vulnerabilities that may not have been recognized or addressed by the organizations otherwise. Through extensive vulnerability scanning, CISA has identified millions of potential risks, narrowing them down to those actively exploited by ransomware groups, thereby increasing operational costs for these criminals and contributing to cybersecurity deterrence efforts.
