Brandon Wales, the executive director of CISA, spoke on how ransomware perpetrators target businesses of all sizes and how CISA wants firms to stop zero-day incidents.

Federal agencies have increased their efforts to thwart future assaults on the country’s vital infrastructures ever since the widespread ransomware hacking of the Colonial Oil Pipeline and North American JBS Foods branches in 2021.

However, senior management at the Cybersecurity and Infrastructure Security Agency has verified that ransomware hackers also target smaller firms and organisations.

CISA Executive Director Brandon Wales spoke on the necessity for all businesses and organisations to engage in the best cybersecurity procedures as ransomware becomes a more ubiquitous and common threat on Monday at a CyberShare event.

 Wales stated, “We have observed a desire on the part of these ransomware perpetrators to target vital infrastructure of different sizes. And they’re searching for businesses to target where they think they can disrupt services, have an impact on operations, and that the businesses will pay swiftly to get their operations back up and running.

Wales noted that the meddling in one smaller company might provide malicious cyber actors access to the larger essential service providers in the country because most U.S. infrastructure is interconnected.

He cautioned, “They [smaller communication firms] shouldn’t presume that they aren’t…in the sights of a more advanced nation state.”

Wales reaffirmed that the best method for businesses to protect their networks from hackers is to patch all known vulnerabilities as soon as possible, stressing that hundreds of new digital security flaws are discovered every day.

Using software that has reached the end of its useful life and no longer receives essential updates, he continued, does not sufficiently protect against malware. Cybersecurity also includes other basic security measures like password changes and two-factor login authentication.

Incident reporting is a crucial procedure in stopping cyberattacks at all levels of business. He stated that it is a “high priority” to establish incident reporting requirements to federal agencies like CISA.

The Cyber Incident Reporting for Critical Infrastructure Act was enacted by Congress and signed into law by President Biden in March. Wales praised the goal of the law but admitted that for some firms with little resources, the requirement of incident reporting can be difficult.

CISA will shortly issue a call for information to gather suggestions on the specifics needed for reporting in an effort to lessen this burden.

There will be numerous chances; we want to hear from business to understand their viewpoint, said Wales.