CISA publishes ransomware self-assessment tool

The auditing software will enable organizations to evaluate how well they are protected against threats

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new module for its Cyber Security Evaluation Tool (CSET) that will enable organizations to assess their security posture in relation to ransomware attacks.

The new module, Ransomware Readiness Assessment (RRA), is a self-assessment that helps organizations to comprehend their ability to defend themselves against such attacks. CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks.

"This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories."

CISA said the self-assessment would help businesses to evaluate their cybersecurity posture against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.

It will also guide asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat. The module also provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

Dr George Papamargaritis, MSS Director at Obrela, told IT Pro that we are seeing that only those who prepare for ransomware infections, and have a well-rehearsed security strategy for how to handle them when they happen, come out strongest.

“When companies don’t prepare, they fail, and ransomware causes catastrophic damage. This new tool from CISA is a great offering to help organizations understand how equipped they are to deal with ransomware,” he said.

“However, carrying out the audit is just the first step; putting the intelligence into action and building it into an organization’s security strategy is the most important, but also challenging, issue, particularly across critical infrastructure where legacy machines are commonplace but very difficult to update.”

Lewis Jones, threat intelligence analyst at Talion, told IT Pro that this is a positive step from CISA.

“Today we are in the middle of a cyber wild west where criminal gangs are getting richer and richer, and no organization is safe because of a lack of formal guidance or regulations on how to handle ransomware,” he said.

"If the government doesn’t intervene and provide this soon, things are going to get worse and potentially even out of control."
