CISA Releases Ransomware Readiness Assessment Audit Tool

Share this article on:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new tool that can be used by organizations to assess how well they are equipped to defend and recover from a ransomware attack.

The threat from ransomware has gown significantly over the past year. The Verizon Data Breach Investigations Report shows 10% of cyberattacks now involve the use of ransomware, with SonicWall reporting a 62% global increase in ransomware attacks since 2019 and a 158% spike in attacks in North America during the same period. BlackFog predicts loses due to ransomware attacks will increase to $6 trillion in 2021, up from $3 trillion in 2015.

The Ransomware Readiness Assessment (RRA) audit module has been added to CISA’s Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides network defenders through a step-by-step process of assessing their cybersecurity practices for both their information technology (IT) and operational technology (OT) networks. CSET can be used to perform a comprehensive evaluation of an organization’s cybersecurity posture using recognized government and industry standards and recommendations.

The RRA can be used to evaluate cybersecurity defenses specifically relating to ransomware. CISA says the RRA tool has been developed for organizations at all levels of cybersecurity maturity and will allow network defenders to evaluate their defenses against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.

The RRA guides asset owners and operators through a systematic process to evaluate cybersecurity practices against ransomware threats and provides an analysis dashboard with graphs and tables displaying the results of the assessment, both in summarized and detailed form.

The RRA tool is available through CSET, which should first be downloaded and correctly installed. The installation file and instructions on installing CSET and starting the ransomware readiness assessment is available on GitHub on this link.

CISA is urging all organizations to install the CSET tool and conduct a Ransomware Readiness Assessment to evaluate their cybersecurity defenses.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On