White House to Business: “Take Ransomware Crime Seriously”
As we come out of the COVID-19 pandemic, it appears that another type of infection is threatening business, as ransomware continues to spread.
- Colonial Pipeline
- JBS (world’s largest meatpacking company)
- Massachusetts Steamship Authority
- Scripps Health
- City of Tulsa
That is a roll call of entities suffering major ransomware attacks in just the past few weeks. After the Colonial Pipeline attack, President Biden issued an Executive Order establishing some baselines for cybersecurity with respect to government contracts and improving detection of cybersecurity incidents on federal government networks, among other things. The White House has now issued a rare “wake-up call” to private business in the form of an open letter “to corporate executives and business leaders.”
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger wrote that while the Biden administration has placed an emphasis on resilience, the “private sector has a distinct and key responsibility.”
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.” Neuberger continued that private companies that “view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”
The letter encourages business to do what regular readers of this blog, or attendees at our webinar events, have heard for many years: understand your business risk, convene leadership teams to discuss the ransomware threat, and review corporate security posture and business continuity plans.
Neuberger’s letter highlights best practices to help defend against ransomware attacks:
- Implement the best practices from the President’s Cybersecurity Executive Order:
  - Prevent intrusion (Section 3 – multi-factor authentication)
  - Minimize impact of intrusion pre-detection (Section 3 – data encryption, zero trust environment)
  - Detect and respond to intrusion (Section 6 – incident response playbook; Section 7 – endpoint detection and response, centralized threat hunting; Section 8 – logging)
  - Learn (and disseminate) lessons from intrusion
- Back up your data, system images, and configurations, and keep the backups offline
- Regularly test your data resiliency
- Update and patch systems promptly
- Test your incident response plan (do you have one?)
- Check your security team’s work using a third-party penetration tester
- Segment your networks
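Two items on that list, keeping backups offline and regularly testing data resiliency, are only useful if a restore is actually checked against a known-good reference. The following is an added example, not code from the original post or from the White House letter, of one way to run such a check: a checksum manifest is built from the data at backup time and stored separately from the backup media, and a later test restore is compared against it. The sample files, paths and function names are constructed for illustration; the assumption is that the manifest itself is kept somewhere an attacker on the production network cannot alter.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample backup set (not from the original post): a few small files
# that stand in for a real configuration directory, data set and system image.
SAMPLE_FILES = {
    "etc/app.conf": b"listen=0.0.0.0:8443\nmode=production\n",
    "data/customers.csv": b"id,name\n1,alice\n2,bob\n",
    "images/web01.img": bytes(range(256)) * 4,
}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large images need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest.
    Keep this manifest with the offline copy, separate from the backup media,
    so a later restore can be checked against it."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Compare a restored tree against the manifest.
    Reports files that are missing, files whose contents differ (the signature
    of data that was already encrypted or corrupted when the backup job ran),
    and files present in the restore that the manifest never listed."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "changed": sorted(p for p in manifest if p in restored and restored[p] != manifest[p]),
        "extra": sorted(set(restored) - set(manifest)),
    }


def restore_is_clean(report: dict[str, list[str]]) -> bool:
    """A resiliency test passes only when nothing is missing or altered."""
    return not report["missing"] and not report["changed"]


def write_tree(root: Path, files: dict[str, bytes]) -> None:
    """Materialise the constructed sample files under root."""
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def run_resiliency_drill() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Simulate one drill: build a manifest from a known-good set, then check
    two restores, one intact and one where a file was overwritten and another
    was lost before the backup was taken. Returns both verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source = base / "source"
        write_tree(source, SAMPLE_FILES)
        manifest = build_manifest(source)

        good = base / "restore_good"
        write_tree(good, SAMPLE_FILES)
        good_report = verify_restore(manifest, good)

        bad = base / "restore_bad"
        damaged = dict(SAMPLE_FILES)
        damaged["data/customers.csv"] = b"\x00unreadable\x00" + os.urandom(32)  # constructed damage
        del damaged["etc/app.conf"]
        write_tree(bad, damaged)
        (bad / "README_RESTORE.txt").write_bytes(b"constructed stray file")
        bad_report = verify_restore(manifest, bad)
    return good_report, bad_report


if __name__ == "__main__":
    good, bad = run_resiliency_drill()
    print("intact restore  :", "PASS" if restore_is_clean(good) else "FAIL", good)
    print("damaged restore :", "PASS" if restore_is_clean(bad) else "FAIL", bad)
```

Running the drill on a schedule, against a restore performed onto an isolated host rather than the production system, turns "regularly test your data resiliency" into something with a pass/fail result that can be reported to the leadership team the letter asks to convene.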
In April, the Federal Trade Commission published a Business Blog post entitled “Corporate boards: don’t underestimate your role in data security oversight.” That piece, combined with today’s open letter from the White House, should be mandatory reading for board members. The need for proactive and preventative measures increases by the day. We can assist with a wide range of activities, including:
- Cyber Risk Assessment/Management
- Employee Training
- Incident Response Planning
- Disaster Recovery/Resiliency Planning
- Cyber Liability Insurance Placement