2024 MS-ISAC Tribal Sector Cybersecurity Report

The 2024 MS-ISAC® Tribal Sector Cybersecurity Report provides a comprehensive overview of the cybersecurity landscape for U.S. Tribal organizations. Key findings from the 2023 Nationwide Cybersecurity Review (NCSR) reveal that Tribal participation increased by 47%, with 22 organizations completing the assessment. The average cyber maturity score was 3.76 on a 1–7 scale, falling below other local sectors. Top security concerns include lack of documented processes, increasing threat sophistication, and insufficient funding. Notably, 82% of Tribal organizations use a security framework, scoring 17% higher on average than those not using one.

The threat landscape analysis from January 2023 to May 2024 identified SocGholish, ZPHP, and MageCart as the top malware impacting U.S. Tribal entities, with AsyncRAT emerging as the primary non-malware threat.

The MS-ISAC Malicious Domain Blocking and Reporting (MDBR) service blocked 98 million malicious DNS requests, predominantly categorized as “Command and Control” and “Malware”-related. Incident response activities addressed business email compromise, phishing, malware infections, and ransomware incidents.

This report underscores the critical need for U.S. Tribal organizations to enhance their cybersecurity posture through framework adoption, continuous assessment, and taking full advantage of available resources and partnerships.