The Need for Ransomware Reporting
Both the RTF and government officials cited concerns about a lack of consistent ransomware incident reporting by businesses, despite recent legislative efforts in this area including the Strengthening American Cybersecurity Act that gives critical infrastructure entities a 72-hour reporting deadline to notify the Cybersecurity and Infrastructure Security Agency (CISA) after experiencing a cyberattack.
“The data we have is largely cobbled together through collaborations among law enforcement, government agencies, insurers, and researchers, but even this patchwork view is incomplete,” according to the RTF. “The resulting picture fails to capture the scope, scale, and impact of ransomware attacks, making it hard to accurately interpret available and incomplete data to assess the efficacy of actions being taken.”
One challenge is providing an incentive for businesses to report attacks, particularly with organizations fearing reputational impact, law enforcement backlash or regulatory requirements. During the RTF event, security experts said there needs to be better communication that relays that companies won’t be victimized by reporting incidents. A lack of response by government officials once an incident is reported is another issue, said Eleanor Fairford, deputy director for incident response with the National Cyber Security Centre.
“Reporting is an essential component with important data to inform our understanding of attacks,” she said. “Part of the reason for the drop off in reporting is a lack of response.”
Overall, as threat actors rapidly shift their tactics, it’s essential to continue prioritizing efforts to combat ransomware, said the RTF. The task force acknowledged the steps taken over the past year by the U.S. government, but said that there is more work to be done.
“While the debated rise in observed incidents paints a gloomy picture at present, we believe the increased level of action, awareness, and visibility is positive and that with continued focus, will eventually lead to a greater level of understanding of this threat, along with an improved ability to deter, disrupt, prepare for, and respond to attacks,” according to the RTF.