Cyber Experts: Lack of Ransomware Reporting Impedes Cyber Defense Efforts
Cyber experts noted during a recent U.S. Chamber of Commerce virtual panel that ransomware victims’ hesitance to report is making it difficult to implement federal cyber defense efforts.
Eric Goldstein, executive assistant director of the Cybersecurity and Infrastructure Security Agency’s cybersecurity division, said it is hard to understand the scope of the problem because some organizations refuse to speak up and communicate with agencies like CISA for remediation.
Peter Marta, a cyber risk management adviser with law firm Hogan Lovells, explained that corporations resist help from law enforcement due to fear that ransomware investigations could lead to the discovery of regulatory violations, Government Technology reported Monday.
According to Alejandro Mayorkas, secretary of the Department of Homeland Security, the lack of reporting does not mean that there is a lack of incidents.
In fact, Mayorkas noted that small businesses account for about half to three-quarters of known ransomware victims.
He argued that small businesses are ideal targets for ransomware actors, considering they make up the backbone of the nation’s economy.
Lawmakers are currently working on a bill to address the lack of reporting among cyberattack victims.
An upcoming bill being drafted by the Senate Intelligence Committee is expected to require private companies to report data breach incidents in order to prevent future major foreign cyberattacks.
Committee Chairman Mark Warner, D-Va., said the legislation would be akin to the breach reporting system implemented by the National Transportation Safety Board, which is focused on catching a breach mid incident.
Warner noted that the lack of a breach notification system has allowed Russia and China to launch cyberattacks with virtual impunity.
Tags: Alejandro Mayorkas CISA cybersecurity Department of Homeland Security DHS Eric Goldstein Government Technology Peter Marta ransomware ransomware victims