In response to the ongoing explosive growth in the number of successful ransomware attacks and a doubling of average ransom amounts since 2019, the Cybersecurity and Infrastructure Security Agency (CISA) has released a ransomware component for its Cyber Security Evaluation Tool (CSET). The new Ransomware Readiness Assessment (RRA) feature has been tailored to meet the needs of any organization with operational or information technology infrastructure, allowing them to assess their readiness to defend against, and recover from, ransomware attacks. It provides a step-by-step evaluation process that yields an analysis complete with graphs, tables, a summary, and a detailed report.
A bit of background on CISA
CISA was established in 2018 and is an agency of the U.S. federal government. CISA offers a multitude of services to governmental and private sector entities including vulnerability scanning, phishing assessments, cyber resilience reviews, penetration tests, external dependencies management, risk assessments, and more. For a complete list of services available, see CISA.gov/cyber-resource-hub.
Installing CSET and RRA
Because RRA is a component of CSET, installation of the free CSET application is required in order to perform a ransomware assessment. CSET is a desktop application that provides organizations with the ability to conduct comprehensive assessments of their industrial control and information technology infrastructures by comparing them to established industry standards.
Downloading and installing the current desktop version of CSET from github.com/cisagov/cset/releases/tag/v10.3.0.0 also installs the new RRA tool. You’ll find step-by-step instructions for running your initial ransomware assessment on that release page. An RRA tutorial is also available via the help menu once the application is installed.
About the RRA
Using RRA, organizations are able to assess their level of vulnerability to ransomware attacks targeting IT infrastructure, operations, and/or industrial control systems. The RRA assessment is based on industry-accepted practices intended to determine an organization’s ability to defend against these attacks. The assessment also evaluates the organization’s ability to recover should a ransomware attack be successful. CISA built the tool with the intent that it be usable by all organizations, regardless of the maturity level of their cybersecurity programs.
Once the systematic evaluation process is completed by the application user, RRA compiles a comprehensive analysis including tables and graphs, a summary, and a complete, detailed report. Because the process is standardized and repeatable, subsequent iterations of the assessment will allow organizations to view their progress in building their defenses against ransomware attacks.
Per a report published by Risk-Strategies.com in October 2020, the average cost of a ransomware attack, not including investigative costs, system restorations, and vulnerability mitigation, was $275,000. The report goes on to state that average business disruption costs resulting from these attacks were $398,000. These costs continue to rise.
CISA encourages all organizations to take advantage of the RRA tool to better protect themselves from this growing threat. In addition to the RRA component, the desktop CSET application as a whole provides organizations with the tools they need to evaluate their overall security posture and identify areas in need of improvement. Assessments conducted using these tools can be repeated to evaluate progress. Although they do take time to complete, management should consider the risks associated with not taking advantage of these free assessment tools.