HomeAbout usMediaCIS Press ReleasesCIS Releases Results of 18 Month Study of U.S. Tribal Organization Cybersecurity

CIS Releases Results of 18 Month Study of U.S. Tribal Organization Cybersecurity

Report identifies areas in need of improvement, offers recommendations

EAST GREENBUSH, N.Y., September 19, 2024 – It came in as an email from a trusted business partner. Recognizing the sender, several employees at a U.S. Tribal organization opened the attached document. Despite having some precautions in place, what they believed to be legitimate communication turned out to be a targeted cyber attack.

It's called a business email compromise (BEC), and it can lead to significant financial loss or data exposure. It's one of several tactics that cyber threat actors are using to target U.S. Tribal organizations. The Center for Internet Security, Inc. (CIS®) has just released the results of an 18-month study into the cybersecurity landscape of U.S. Tribal organizations.

Among the key findings of the 2024 MS-ISAC® Tribal Sector Cybersecurity Report:

  • Top security concerns are a lack of documented security processes (91%), keeping up with evolving cyber threats (59%), and a lack of funding (55%).
  • The Tribal Sector lags behind others when it comes to cyber maturity, scoring an average of 3.76 on a 1-7 scale.
  • Humans are the weakest link. The top tactics used to target U.S Tribal organizations are business email compromise (BEC), phishing, malware, and ransomware.

There is some good news:

  • Tribal organizations that leverage security frameworks (such as the CIS Controls or NIST CSF) can increase their cyber maturity by 17%.
  • No-cost membership to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) offers 24x7x365 threat monitoring and incident response and serves as a trusted partnership in a Tribal organization's security journey.
  • The U.S. Department of Homeland Security offers more than $18 million in grants to help Tribal organizations bolster their cybersecurity.

"When we set out to create the MS-ISAC Tribal Sector Report, we aimed to answer two key questions: 'What are the most common cyber threats the Tribal community faces?' and 'What tools and resources do Tribal organizations trust to guide them along their cyber maturity journey?'" said Greta Noble, Director of Community Engagement at CIS. "This report includes lessons learned, strategic and tactical recommendations, and expert analysis into today's cyber threat landscape, and I'm eager to share such a fantastic report with the Tribal community."

"As a proud member of both the Tribal community and the MS-ISAC Executive Committee, I have witnessed and benefited from the real-world, positive impact the MS-ISAC has on helping Tribal organizations improve their cyber maturity," said Rob Barnett, IT Business Integration Director, Natives of Kodiak. "This report is both professional and detailed: zeroing in on lessons learned, providing recommendations Tribal organizations can implement immediately, and pointing to trusted resources to help the Tribal community along their cyber maturity journey."

The report is available to download from the Center for Internet Security.

For information or to speak with CIS about the report and its findings, please contact Sr Media Relations Manager, Kelly Wyland at [email protected] or call/text 518-256-6978.

 

###

 

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. elections offices.  To learn more, visit cisecurity.org or follow us on X: @CISecurity.