The Senate Homeland Security and Governmental Affairs Committee released a 51-page report on ransomware attacks and payments, along with a recommendation for the Cybersecurity and Infrastructure Security Agency (CISA) to employ regulatory powers granted to the agency in order to require reporting of ransomware attacks and payments. CISA has issued estimates indicating that only 25% of ransomware attacks and payments in the U.S. are reported to regulatory agencies.
Currently, only critical infrastructure attacks in the United States are required to be reported by CISA. Incidents must be reported within 72 hours, and ransomware payments within 24 hours. However, CISA has been granted considerable authority in the recently passed Cyber Incident Reporting for Critical Infrastructure Act of 2022, signed into law as part of the Consolidated Appropriations Act of 2022, which mandates incident reporting of substantial cyber-attacks and ransomware payments against critical infrastructure. The law has given CISA two years to give notice of additional rule proposals on reporting and another 18 months to issue the final regulations.
12 Essentials for a Successful SOC Partnership
Binary Defense
January 12, 2023
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security
