- Phil Muncaster’s article discusses the relaunch of CISA’s Cybersecurity Insurance and Data Analysis Working Group (CIDAWG) to evaluate the effectiveness of security controls against ransomware and other cyber threats.
- CIDAWG, in collaboration with Stanford’s Empirical Security Research Group, aims to analyze aggregated, anonymized loss data to understand how well various cybersecurity controls work.
- The project aims to guide resource investment for organizations and governments and improve baseline security across sectors, particularly in light of the increasing ransomware attacks in the U.S.
In an article by Phil Muncaster, the US Cybersecurity and Infrastructure Security Agency (CISA) is reported to have relaunched the Cybersecurity Insurance and Data Analysis Working Group (CIDAWG). Initially founded in 2016, the renewed focus of CIDAWG, as explained by CISA deputy director Nitin Natarajan, is to foster collaboration with the industry to understand better which security controls are most effective in defending against cyber incidents, including rampant ransomware attacks.
The relaunch of CIDAWG is particularly timely given the rising ransomware cases in the U.S., which saw a 60% annual increase in incidents reported to the FBI. This surge has contributed significantly to a 49% increase in overall cybercrime losses, escalating from $6.9 billion in 2021 to $10.3 billion in the following year. Such figures underscore the urgent need for effective cybersecurity measures and informed resource allocation for organizations and the government.
A key initiative in CIDAWG’s renewed efforts is its collaboration with Stanford’s Empirical Security Research Group. To assess their effectiveness, the working group plans to correlate data with cybersecurity controls. This involves analyzing aggregated and anonymized loss data, which will serve as a crucial resource for insurers in their risk analysis and for CISA to gauge the success of efforts like the Cyber Performance Goals (CPGs) and the Secure by Design initiative.
The overarching aim of this project is to drive best practices and improve baseline security across organizations. By understanding which security controls are most effective, CIDAWG hopes to provide valuable insights to guide where resources are best invested to reduce cyber risk exposure and enhance overall cybersecurity resilience. The findings from CIDAWG’s analysis are expected to be instrumental in shaping future strategies and investments in cybersecurity, thereby making a significant impact in the fight against the growing cyber threats.
Leave a Reply
You must be logged in to post a comment.