The US cyber security authority CISA has launched a program in which it scans critical infrastructures for vulnerabilities that are vulnerable to ransomware attacks. The IT security experts will have the program at the end of January Ransomware Vulnerability Warning Pilot (RVWP) started.
The one signed by US President Biden in March 2022 Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) obliges CISA to set up the RVWP. The basic idea behind this is that many cyber attacks are based on known vulnerabilities, which the perpetrators then use to break into networks, for example.
Problem: updates not installed
Businesses and organizations can reduce the attack surface by installing readily available updates to patch known security vulnerabilities. This drastically reduces the likelihood of becoming a victim of ransomware. However, it appears that most institutions are unaware that a vulnerability that ransomware backers exploit exists in their network CISA in the announcement of the RVWP program out of.
“CISA leverages existing authorities and technology to identify IT systems that exhibit vulnerabilities that often arise in the context of ransomware attacks. Once CISA identifies affected systems, our regional cyber security staff notifies system owners of the security gaps found and thus enable damage to be averted at an early stage before harmful break-ins occur,” is how CISA explains the procedure that has now been implemented.
It’s not just the United States that has instructed its top IT security authority to take preventive protective measures for networks and critical infrastructures. At the end of last year, the United Kingdom’s cyber security authority also started nationwide scanning of networks for vulnerabilities.
(dmk)
