Unfortunately a lot of companies won't or can't spend the resources to protect their assets. I suspect that the stock markets will punish such companies harshly for failing to protect their assets.

WASHINGTON —Energy Secretary Jennifer Granholm said Sunday that she supports a law that would ban companies from paying ransoms to hackers holding their information hostage, comments that come after a spate of recent cyberattacks on companies responsible for crucial parts of the U.S. infrastructure.

In an interview with "Meet the Press," Granholm acknowledged that she’s not sure if Congress or President Joe Biden is ready to take that step, but she warned that paying ransoms only emboldens hackers even more. And she said that private companies need to take responsibility and tell the federal government when they are attacked for the good of the country.

“Everyone needs to wake up and up their game in terms of protecting themselves, but also in terms of telling the federal government if they are a target of attacks. Many of these private companies don’t want to let people know, they should not be paying ransomware but they should be letting us know so we can protect the rest of the country,” she said.

“I don’t know whether Congress or the president is at that point,” she said of a ban on paying ransom to cybercriminals, “but I think we need to send this strong message that paying a ransomware only exacerbates and accelerates the problem. You are encouraging the bad actors.”

https://www.msn.com/en-us/news/politics/sec-granholm-backs-ban-on-ransomware-payments-you-are-encouraging-the-bad-actors/ar-AAKLeIp

can not be controlled until we are able to document the flow of Digital money.......!

Trump eliminates top cyber adviser post (2018)

Newer republican meme… “Russia is our friend.”
--------------
Bolton pushing to eliminate White House cyber job

https://www.democraticunderground.com/10142056288
------------------------
White House eliminates top cyber adviser post

https://upload.democraticunderground.com/100210618531

I doubt there's a universal solution that would fit all companies, and government would be turning to the private sector for expertise anyway.

impacts the nation as a whole. The gas fiasco is only one case in point. UK's health system is another. It's a national security issue, since much of this is state sponsored, and government is the only entity with the reach and resources to combat the problem effectively.

The best and brightest in cybersecurity is in Silicon Valley, not in Washington, DC. Recall the ACA rollout under Obama - government relied on private contractors because they lacked the personnel.

but government has the deep pockets and the power to set priorities and mandates. The government doesn't build F-18's. They're contracted out to experts in such things with set specs and set goals to meet national security needs. I don't view cybersecurity any differently than any other form of national security. It's simply national security needs, and in some cases warfare, moved to a different battle space.

could advise and coordinate the businesses getting the proper help. Some of these cyber security companies do some underhanded things, too. The government could be a watchdog for that.

which is light years behind in its systems, processing, and methods. They don't communicate with taxpayers via email, they use snail mail. They store physical paper copies of tax returns to be processed in warehouses and trailers. They are not up to speed.

Could be funding or any one of other issues.

but private industry will outbid for the best and brightest, there is no long-term financial balloon upside in government IT, and government IT simply cannot be known for innovation or freedom to innovate, perhaps because they don't sell their products to private industry. And you likely can't take your expertise, write your own code, and go form a startup. There are restrictions to IT work for the government.

Putting a thumb drive into your work computer is a capital offense. Seriously, that can get you fired. Clicking links on spam emails may or may not get you fired, but at the least it will make you wish you were. Spam / fishing email training twice per year and "test" spam emails sent to random employees on a regular basis.

Personally, I think the US government should consider knowingly harboring hackers as an act of war. We did it with terrorists. Cyberattacks are worse.

any good IT tech will know this.

Check out Darknet Diaries podcast. it's fascinating stuff.