CISA Official Warns Smaller Critical Infrastructure Companies of Cyber Threats
Brandon Wales, executive director at the Cybersecurity and Infrastructure Security Agency, on Monday called on all organizations, large and small, to invest more in cybersecurity because ransomware hackers do not discriminate when choosing their victims. He said that hackers may not be exclusively targeting large companies but smaller entities as well, Nextgov reported Tuesday.
Wales told participants in a CyberShare event that ransomware operators have shown a willingness to target critical infrastructure of various sizes. He added that cybercriminals are often just looking for the most vulnerable organization in hopes of causing disruption and getting paid off quickly.
The CISA official, however, warned that a disruption in a small local utility can easily cascade into a nationwide problem. He explained that because of the interconnectivity of most U.S. infrastructure, disruption in one small company can also expose larger service providers to attacks.
Wales said that smaller service providers should not assume they would be spared from being targeted by hackers working for nation-states. He urged them to patch up all known vulnerabilities as soon as possible and to retire end-of-life software products that are still in use.
Wales also appealed to heads of small service providers to quickly report any breaches they might detect. He added that the implementation of reporting requirements has become CISA’s top priority.
Meanwhile, CISA said on its website that cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware.
Tags: Brandon Wales CISA critical infrastructure cybersecurity Cybersecurity and Infrastructure Security Agency Nextgov