More than three dozen governments met at the White House this week to talk about fighting ransomware. It’s the second of these annual meetings and the first time in person. And companies joined, including Crowdstrike and Microsoft.
“We commit to work together to prioritize disruption targets to leverage the breadth of authorities and tools available to pursue hard and complex targets more effectively. We intend to increase the number and impact of our disruption actions so that ransomware actors are stopped in their tracks,” members of the Counter Ransomware Initiative said in a joint statement after the conclusion of their two-day conference hosted by the Biden administration.
The group is “committed not only to protecting ourselves and each other from ransomware but also to helping other countries protect and disrupt so that ransomware is unable to gain traction worldwide,” vowing to offer technical and threat information and protection “as broadly as possible.”
Members also promised to “work together to increase political costs on countries that harbor and enable ransomware actors,” a reference to countries like Russia.
Why do we care?
There’s a growing list of organizations that IT companies will need to be tracking. In the US, it’s NIST and CISA. The UK, the National Cyber Security Centre. Or the Australian Cyber Security Centre. There’s the European Union Agency for Cybersecurity.
Here, spend a lot less time on vendors about cyber security and more on agencies. Frankly, it’s hard enough keeping up with all of this, and investments in deliberately tracking these agencies, their policies, and their recommendations, will go a long way.
I continue to be hopeful that these government moves will show continued results. It may get worse before it gets better.