UPDATED 22:25 EDT / JULY 01 2021


New self-assessment tool allows businesses to assess their exposure to ransomware

The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency released a new module in its Cyber Security Evaluation Tool Wednesday to allow businesses to assess their exposure to ransomware and their preparedness for defending against an attack.

The Ransomware Readiness Assessment is a desktop software tool that guides network operators through a step-by-step process to evaluate their cybersecurity practices. Applicable to both information technology and industrial control systems, RRA allows users to comprehensively evaluate their cybersecurity posture using recognized government and industry standards.

The RRA is based on a tiered set of practices to assess how well an organization is equipped to defend and recover from a ransomware attack. The assessment provides an analysis dashboard with graphs and tables that present the assessment results in summary and detailed form so that action can be taken. “The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate and advanced,” CISA noted on the CSET wiki.

“This is a positive first step and CISA is on the right track to helping businesses and organizations provide more holistic security,” Sascha Fahrbach, cybersecurity evangelist at privileged access management company Fudo Security sp. z o.o., told SiliconANGLE today. “This new tool will certainly assist various industries in expanding their know-how about ransomware and assessing their readiness towards this threat.”

Security teams need to use the information, data and other elements of this tool and structure that knowledge into an organization’s security policy and strategy, Fahrbach added. “Security should not just be a box-ticking exercise, and although helpful, there are many other layers and steps that must be implemented to safeguard vital industry and IT infrastructure,” he said.

Jerome Becquart, chief operating officer at identity platform provider Axiad IDS Inc., noted that using the tool will prepare businesses for zero-trust security, which was recently highlighted in President Biden’s executive order.

“By assessing their ability to control access to their corporate resources, businesses can identify gaps in their security infrastructure,” Becquart explained. “For instance, many organizations have started enforcing multifactor authentication in parts of their ecosystems, but haven’t secured all their use cases, which could leave vulnerabilities open for hackers to strike.”

Image: CISA

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy