The Cybersecurity and Infrastructure Security Agency completed 1,754 notifications to critical infrastructure organizations in calendar year 2023 through its Ransomware Vulnerability Warning Pilot program.
Launched in March 2023, the RVWP program seeks to help federal government, state and local agencies and critical infrastructure organizations mitigate vulnerabilities and protect their networks and systems from ransomware attacks through notifications, CISA said Thursday.
Of those more than 1,700 notifications, CISA found that 852 resulted in patching of vulnerable devices, implementation of a compensating control and actions to take those devices offline after receiving notifications.
CISA has called on organizations to adopt its Cyber Hygiene Vulnerability Scanning, a no-cost service that tracks internet-connected devices for known vulnerabilities and informs organizations of vulnerabilities commonly linked to ransomware exploitation.
According to the agency, organizations implementing the vulnerability scanning service could reduce their exposure by 40 percent within the first year.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.