With President Biden signing a $1.5 trillion omnibus appropriations bill into law earlier this year, the federal government is poised to spend billions of dollars to strengthen cybersecurity and information technology within its agencies.
But the spending package also addresses one of the more persistent challenges to identifying and mitigating wide-ranging cyberattacks, including ransomware, in the nation’s critical infrastructure: data sharing and notification of a cyber breach.
Included in the omnibus bill was the Cyber Incident Reporting for Critical Infrastructure Act, which requires owners and operators of critical infrastructure to report certain cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA), and to report any ransomware payments within 24 hours.
While further rulemaking from CISA will outline how the new law is to be applied, it nevertheless highlights the importance of sharing information when a cyberattack occurs, including where entities are vulnerable, what attackers were able to access, how the threat was mitigated, and more.
This law will help provide actionable threat intelligence to head off emerging ransomware and other threats. It also shows the need for incorporating data management and recovery tools into IT environments, both for safeguarding information and for preserving it in the event of an attack.
Reporting’s Role in Mitigating Ransomware
The Cyber Incident Reporting for Critical Infrastructure Act’s reporting requirements are expected to fully take effect once CISA determines how to define the entities covered by the law, but previous policies are likely to confine enforcement to critical infrastructure industries.
Entities in those sectors will be required by the law to report a covered cyber incident no more than 72 hours after the entity “reasonably believes” it has been attacked. They also have to report, within 24 hours, any ransomware payments made.
But the law also calls for entities to preserve key information about the cyberattack itself, and this is where a robust data protection strategy comes into play.
Under the new law, any entity facing a cyberattack will have to provide CISA with information about affected information systems, networks, or devices, along with “vulnerabilities exploited and the security defenses that were in place, as well as the tactics, techniques and procedures relevant to such incident,” and what information is believed to have been accessed by unauthorized individuals.
These measures will give entities critical threat information early, allowing them to bolster and patch software systems to help prevent the spread of an attack, while also generating strategy discussions on how to limit and mitigate the current damage caused by the breach.
At a time when IT environments are becoming more complex, with entities pursuing a mix of multi-cloud, hybrid cloud, and traditional on-prem technology, data management and protection solutions have only become more essential.
Safeguarding Your Data from Cyberthreats
According to the Veeam Data Protection Trends Report 2022, out of more than 3,000 IT decision-makers and global enterprises, 89% report a gap between how much data they can afford to lose in an outage versus how frequently that data is backed up.
Another 18% of respondents report that their data is not backed up at all. With ransomware attacks on the rise, ensuring that your data is not only backed up, but fully recoverable has become more critical than ever.
While the Cyber Incident Reporting for Critical Infrastructure Act will provide technology leaders with valuable intelligence into where attackers are striking and what their targets may be after, entities will still need to have safeguards in place to ensure their data is protected and recoverable in the event of a cyber breach.
For those who have been breached in a ransomware attack, paying the ransom or relying on existing backups may not be enough to limit the damage inflicted on an entity by the cyber breach.
According to the Data Protection Trends Report, 64% of respondents said they were able to recover less than 80% of their data following a cyberattack, with roughly a third of their data unrecoverable.
One best practice an entity can use to face these challenges is to apply the 3-2-1-1-0 rule to its data management strategy. Under this rule, IT managers maintain three copies of important data, on at least two different types of media, with at least one of these copies off site; keep one offsite data backup air-gapped, offline, or immutable; and confirm that zero errors are present following automated backup testing and recoverability verification. Doing so can better help protect their data from potential ransomware threats.
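The 3-2-1-1-0 rule described above can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from Veeam; the `DataCopy` fields, rule labels, and sample inventories are assumptions. It counts the production copy as one of the three copies and treats a backup that was never test-restored as failing the "zero errors" condition.

```python
from dataclasses import dataclass
from typing import Optional

HARDENED = {"air-gapped", "offline", "immutable"}

@dataclass(frozen=True)
class DataCopy:                  # hypothetical inventory record
    name: str
    media: str                   # "disk", "tape", "object-storage", ...
    offsite: bool
    backup: bool = True          # False for the production copy
    protection: str = "none"     # one of HARDENED, or "none"
    verify_errors: Optional[int] = None  # last automated restore test; None = never run

def check_3_2_1_1_0(copies):
    """Return {rule: detail} for every part of the rule the inventory misses."""
    failures = {}
    media = {c.media for c in copies}
    offsite = [c for c in copies if c.offsite]
    backups = [c for c in copies if c.backup]
    if len(copies) < 3:
        failures["3 copies"] = f"only {len(copies)} copies"
    if len(media) < 2:
        failures["2 media"] = f"fewer than two media types: {sorted(media)}"
    if not offsite:
        failures["1 offsite"] = "no copy is off site"
    if not any(c.protection in HARDENED for c in offsite):
        failures["1 hardened"] = "no offsite copy is air-gapped, offline, or immutable"
    # A backup that was never test-restored is unknown, not "zero errors".
    bad = [c.name for c in backups if c.verify_errors != 0]
    if bad:
        failures["0 errors"] = f"untested or failing restore test: {bad}"
    return failures

# Constructed sample inventories (not from the article).
WEAK = [
    DataCopy("prod-san", "disk", offsite=False, backup=False),
    DataCopy("local-repo", "disk", offsite=False, verify_errors=0),
    DataCopy("dr-site-repo", "disk", offsite=True),  # online, mutable, never tested
]
STRONG = WEAK[:2] + [
    DataCopy("dr-site-repo", "disk", offsite=True, verify_errors=0),
    DataCopy("vault-tape", "tape", offsite=True, protection="air-gapped", verify_errors=0),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, check_3_2_1_1_0(inventory) or "meets 3-2-1-1-0")
```

The weak inventory has three copies and an offsite replica, yet still fails three of the five conditions, which is the gap between "we have backups" and a recoverable posture.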
The Cyber Incident Reporting for Critical Infrastructure Act is an important step in helping safeguard the nation’s most important institutional sectors, helping warn them of impending threats in advance of an attack.
But those entities must also take steps to safeguard their data now to help mitigate the damage of a successful cyber breach.
Rick Vanover is Senior Director of Product Strategy at Veeam.