So, today CISA released another ransomware notice. The Cybersecurity and Infrastructure Security Agency is an agency of the United States Department of Homeland Security that is responsible for strengthening cybersecurity and infrastructure protection.
When CISA first started doing public
ransomware advisories years ago, fighting social engineering was rarely mentioned as a defense, despite the fact that they had identified social engineering as the main way ransomware exploited customers. Now, security awareness training is in the top 3 of every CISA and FBI ransomware warning. We'd love it to be number one, but we can take it as a win. This is a zoomed-in picture of the top right box:
We're not sure how much Roger Grimes was involved in this outcome, but he did bug CISA every single time he came across a CISA or FBI warning that did not include SAT as a top defense. 😄
Here are the top three defenses that he's been recommending, with varying details, in every KnowBe4 webinar he has given for years.
To be sure, we don't know if we had anything to do with CISA's top 3 recommendations, they do not tell us anything about those decisions, but we like to think our nudges helped.
Here is the link to the CISA #StopRansomware Advisory: