Intelligent Build.tech Issue 02 | Page 69

CLOCKING OUT
High and medium-severity CVEs strain resources
The decline in patching is likely due to an increased volume of vulnerabilities. Critical manufacturing experienced a 38% year-over-year increase in high-severity vulnerabilities. In 2022 alone, 76% of critical manufacturing organisations had high- and medium-severity CVEs.
These CVEs may, in some cases, facilitate ransomware groups' targeting of organisations in the sector. Manufacturers experienced an increase in malware infections from 2021 to 2022. In 2022, 37% of critical manufacturing organisations had malware infections.
"While investing in more technology might seem burdensome to resource-constrained critical infrastructure operators, the reality is that cybersecurity ratings technology is extremely cost-effective, especially when you consider the catastrophic cost of a breach is US$9.44 million on average for US organisations," said Yampolskiy. "By leveraging security ratings, these organisations have a simple way to build resilience and make more informed decisions to strengthen their cyber defences by confidently measuring risk and quantifying the trustworthiness of their partners, contractors, third- and fourth-party vendors and supply chains."
Recognising the persistent threat posed by ransomware attacks to organisations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) has announced the establishment of the Ransomware Vulnerability Warning Pilot (RVWP), as authorised by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Through the RVWP, CISA will determine which vulnerabilities are commonly associated with known ransomware exploitation and warn critical infrastructure entities that have those vulnerabilities, enabling mitigation before a ransomware incident occurs.
The RVWP will identify organisations with Internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies and authorities, including CISA's free Cyber Hygiene Vulnerability Scanning service.
CISA recently initiated the RVWP by notifying 93 organisations identified as running instances of Microsoft Exchange Server affected by a vulnerability known as 'ProxyNotShell', which has been widely exploited by ransomware actors. This initial round of notifications demonstrated the effectiveness of the model in enabling timely risk reduction as the RVWP is scaled to additional vulnerabilities and organisations.
"Ransomware attacks continue to cause untenable levels of harm to organisations across the country, including target-rich, resource-poor entities like many school districts and hospitals," added Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. "The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organisations. We encourage every organisation to urgently mitigate vulnerabilities identified by this programme and adopt strong security measures consistent with the US Government's guidance on StopRansomware.gov."
www.intelligentbuild.tech