Dive Brief:

• The Cybersecurity and Infrastructure Security Agency said it issued 2,131 pre-ransomware notifications this year, as of November, nearly double the amount the agency issued in 2023. The agency’s year in review features ample evidence of the ceaseless security challenges confronting critical infrastructure at large.
• The agency also released almost 1,300 cyber defense alerts and advisories through the Joint Cyber Defense Collaborative during fiscal year 2024, including 58 joint cybersecurity advisories and products with international partners.
• “Throughout the year we have remained laser focused on leading the national effort to reduce risk to the cyber and physical infrastructure Americans rely on every day, working collaboratively to win and maintain the trust of our myriad partners, including industry, state and local officials, and the election stakeholder community,” CISA Director Jen Easterly said in the Monday report.

Dive Insight:

Despite CISA’s attempts to improve defenses, enterprises and critical infrastructure still confront deep-rooted security challenges and expansive malicious activity.

The agency’s growing efforts around cybersecurity alerts, advisories and pre-ransomware notifications underscore how much malicious activity and ransomware attacks continue to climb.

CISA is reflecting on its accomplishments during fiscal year 2024 as it prepares for a transition in leadership. Easterly plans to step down from the agency when President-elect Donald Trump takes office.

The agency’s next leader will likely get the opportunity to work in the CISA’s new headquarters in Washington, a $524 million centralized facility that started construction this year and is slated for completion in 2027.

One of Easterly’s core initiatives, a push to shift the burden of security responsibility from customers to technology vendors, was introduced as a voluntary pledge in May. More than 250 technology companies have signed the secure-by-design pledge to date.