
CISA Shares New Ransomware Self-Assessment Tool

by Chris Brook on Thursday July 1, 2021


The new security audit self-assessment tool is designed to help organizations better understand how well they're equipped to defend and recover from ransomware.

In the wake of the headline-grabbing ransomware attacks on Colonial Pipeline and meat processor JBS S.A. this spring, the US government is trying to head off future attacks through education and self-assessment guidance.

One of those government entities, the US Cybersecurity and Infrastructure Security Agency (CISA) - part of the Department of Homeland Security - released a new tool this week designed to help organizations better understand how well they're equipped to defend against and recover from such attacks.

The tool, the Ransomware Readiness Assessment, or RRA, takes the form of a new module for CISA's Cyber Security Evaluation Tool (CSET).

For those unfamiliar, CSET is a free tool, available on GitHub, that organizations can use to assess the security of their enterprise IT and industrial control systems against a chosen set of standards. The tool incorporates standards and requirements from other government bodies, including NIST, the North American Electric Reliability Corporation (NERC), the Transportation Security Administration (TSA), and the U.S. Department of Defense (DoD).

According to CISA, the latest release of CSET includes functionality - in the form of basic, intermediate, and advanced questions - for businesses to determine their cybersecurity posture as it pertains to ransomware.

“This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories,” CISA says on its GitHub page. The RRA's practices are aligned to NIST's Cybersecurity Framework; it sits alongside CSET's other maturity-model assessments, such as External Dependencies Management (EDM), rather than replacing them.

To use the new tool, download and install the latest CSET release, log in, and select Maturity Model on the left-hand side of the application. After clicking Next, four options should appear: ACET, CMMC, EDM, and the one you’re looking for, Ransomware Readiness Assessment.

The tool arrived the same week that a state-level regulator, New York's Department of Financial Services (NYDFS), issued new guidance on mitigating ransomware attacks. If you've been following the trajectory of ransomware over the years, none of the instructions will be new to you, but they're still worth heeding.

In its guidance, NYDFS, much like the FBI, encourages organizations not to pay ransoms and to keep robust backups in place so that systems can be restored following an attack.

The rest of the department’s instructions are as follows:

  • Train Employees in Cybersecurity Awareness and Anti-Phishing;
  • Implement a Vulnerability and Patch Management Program;
  • Use Multi-Factor Authentication and Strong Passwords;
  • Employ Privileged Access Management to Safeguard Credentials for Privileged Accounts;
  • Use Monitoring and Response to Detect and Contain Intruders;
  • Segregate and Test Backups to Ensure that Critical Systems Can Be Restored in the Face of an Attack; and
  • Have a Ransomware Specific Incident Response Plan that is Tested by Senior Leadership

Tags: Government, Ransomware


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.