GAO is saying Fed. agencies lack insight on ransomware protections for infrastructure at companies


According to a U.S. Government Accountability Office (GAO) report, federal agencies lack insight on ransomware protections for critical infrastructure.

So, basically – the GAO is saying that agencies that oversee critical infrastructure sectors actually do not know if protections against ransomware were implemented by companies.

Hearing that federal agencies that are supposed to monitor the energy, manufacturing, transportation, health care, etc. sectors are not sure if companies are following the ransomware guidelines that were spelled out is a worrying thought.

As per the GAO, “none have fully assessed the effectiveness of their support to sectors” [in the Department of Homeland Security’s (DHS) 2013 National Infrastructure Protection Plan]. And they also have not “determined the extent of adoption of the National Institute of Standards and Technology’s recommended practices for addressing ransomware.”

Without thorough assessments from the six sector risk management agencies examined in the report — the Cybersecurity and Infrastructure Security Agency, the Department of Energy, the Department of Health and Human Services, the U.S. Coast Guard, Transportation Security Administration, and the Department of Transportation — their respective sectors are missing out on “communication, coordination, and timely sharing of threat and incident information,” the GAO stated.

The GAO’s report was based on an audit from August 2022 to January 2024. And it comes at a time that is more critical than ever, with a rise in ransomware attacks on manufacturing plants, energy systems, etc.

With all of the attacks, the Cybersecurity and Infrastructure Security Agency (CISA) is trying to standardize how ransomware attacks are reported, since, as per the GAO, this lack of reporting “makes it more challenging for SRMAs (Sector Risk Management Agencies) to know the full impact of ransomware on their respective sectors.”

This obviously makes sense, since companies need these SRMAs to assess risks so organizations can better protect themselves from these ransomware threats.

What can you do if you are in charge of security for your company or have the ear of senior management that should always be concerned about ransomware attacks?  In a word, connect with cybersecurity experts and security forums outside of your organization so you are staying on top of the latest threats and of course, know how to counteract them.

And there are companies like SpaceBound Solutions that can provide Managed IT Services such as Endpoint Security (https://www.spaceboundsolutions.com/ContentPage/148) and Network Assessment & Review (https://www.spaceboundsolutions.com/ContentPage/152). To learn more about what SpaceBound Solutions can offer, email us at: Services@SpaceBoundSolutions.com

 

Source, Cyberscoop:

https://cyberscoop.com/gao-ransomware-attacks-critical-infrastructure/

Compliments of the Chef: Alyssa Svoronos