74.5 F
Washington D.C.
Saturday, July 13, 2024

GAO: Agencies Need to Enhance Oversight of Ransomware Practices and Assess Federal Support

Ransomware, malicious software that renders data and systems inaccessible until a ransom is paid, continues to wreak havoc on government operations and critical infrastructure. Its impact extends beyond financial losses, leading to disruptions in healthcare services and critical sectors such as manufacturing, energy, healthcare, and transportation systems. The urgency to combat this growing threat is underscored by the Department of the Treasury’s report, revealing a staggering $886 million total value of U.S. ransomware incidents in 2021—a 68 percent increase from the previous year.

The consequences of ransomware attacks are far-reaching, ranging from financial losses to the incapacitation of vital services, such as emergency care in hospitals. The Federal Bureau of Investigation (FBI) reports that in 2022, 870 critical infrastructure organizations fell victim to ransomware, impacting 14 of the 16 critical infrastructure sectors. Nearly half of these incidents occurred in four sectors—critical manufacturing, energy, healthcare and public health, and transportation systems. The actual scope of the impact remains uncertain due to the voluntary nature of reporting. To address this, the Department of Homeland Security plans to issue new reporting rules by March 2024, aiming for a more comprehensive understanding of ransomware’s repercussions.

In the face of this escalating threat, federal agencies responsible for overseeing risk management in critical sectors have initiated or planned assessments of ransomware risks. However, the adoption of leading cybersecurity practices within these sectors remains largely unknown. Federal agencies designated as sector risk management leads have yet to determine the extent to which the National Institute of Standards and Technology’s recommended practices for addressing ransomware have been adopted. This critical information gap hinders the effectiveness of federal agencies in collaborating on national efforts to combat ransomware.

Although most lead federal agencies have undertaken or planned assessments of cybersecurity threats, including ransomware, within their designated sectors, challenges persist. Half of these agencies have evaluated some aspects of their support to sectors in addressing ransomware. Notably, agencies have received and assessed feedback on ransomware guidance and briefings. However, none have conducted a comprehensive assessment of the effectiveness of their support, as recommended by the National Infrastructure Protection Plan. A thorough evaluation of effectiveness could address sector concerns related to communication, coordination, and the timely sharing of threat and incident information.

As the nation grapples with the evolving landscape of ransomware threats, this report highlights the need for a cohesive and proactive approach among federal agencies and critical sectors. Strengthening the adoption of leading cybersecurity practices, conducting comprehensive risk assessments, and enhancing the effectiveness of federal support mechanisms are pivotal steps towards fortifying the nation’s critical infrastructure against the scourge of ransomware.

Read the full GAO report here.

author avatar
Matt Seldon
Matt Seldon, BSc., is an Editorial Associate with HSToday. He has over 20 years of experience in writing, social media, and analytics. Matt has a degree in Computer Studies from the University of South Wales in the UK. His diverse work experience includes positions at the Department for Work and Pensions and various responsibilities for a wide variety of companies in the private sector. He has been writing and editing various blogs and online content for promotional and educational purposes in his job roles since first entering the workplace. Matt has run various social media campaigns over his career on platforms including Google, Microsoft, Facebook and LinkedIn on topics surrounding promotion and education. His educational campaigns have been on topics including charity volunteering in the public sector and personal finance goals.
Matt Seldon
Matt Seldon
Matt Seldon, BSc., is an Editorial Associate with HSToday. He has over 20 years of experience in writing, social media, and analytics. Matt has a degree in Computer Studies from the University of South Wales in the UK. His diverse work experience includes positions at the Department for Work and Pensions and various responsibilities for a wide variety of companies in the private sector. He has been writing and editing various blogs and online content for promotional and educational purposes in his job roles since first entering the workplace. Matt has run various social media campaigns over his career on platforms including Google, Microsoft, Facebook and LinkedIn on topics surrounding promotion and education. His educational campaigns have been on topics including charity volunteering in the public sector and personal finance goals.

Related Articles

Latest Articles