White House Urges Cybersecurity Boost: Business ReactionIndustry Insiders Laud Security Push From National Security Adviser Anne Neuberger
In response to a string of high-profile and impactful ransomware attacks that took place over the last several months, the Biden administration sent an open letter to U.S. business leaders Thursday asking them to take the proper steps to protect their organizations from ransomware.
The call to action was praised by security professionals and elected officials who called the letter a sign that the White House understands the threat created by ransomware attacks and is taking a proactive approach.
“I’m grateful that President Biden continues to emphasize cybersecurity in the wake of these significant ransomware incidents. The advice in the White House memo is sound, and I hope corporate leaders will adopt a more risk-informed cybersecurity posture as soon as possible. However, I also hope the President will follow Congress’s direction and empower CISA to make future such recommendations," says Rep. Jim Langevin, D-R.I.
The letter was sent Wednesday by Anne Neuberger, deputy assistant to the president and deputy national security adviser for cyber and emerging technology, who noted that being prepared to defend against ransomware attacks is no different than locking the door to your home or office to deter a burglar.
"The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy," Neuberger wrote.
Rick Holland, CISO with the threat intelligence firm Digital Shadows, says the letter presents an opportunity for security leaders to move their security agenda forward.
"The extortion threat is a clear and present danger, and despite internal efforts, often, it takes external guidance to help justify budget and resources," he says.
There were dissenting opinions, with John Bambenek, threat intelligence adviser for the intelligence firm Netenrich, saying the government needs to do more than simply send letters telling business leaders what they already know.
"What the government can do, and is starting to already look at, is pressuring governments that harbor and turn a blind eye to ransomware, and to find ways to extract consequences from those who engage in such activity," says Bambenek. "Government needs to focus on their pieces of the solution and the things only they can do."
Preparation Is the Key
The difference between an organization that is prepared and one that does not have a plan in place is that the one that is ready experiences a quick recovery and can move on with conducting its business. Part of this preparation must include understanding the threat and having top leadership on the same page when it comes to cyber defense, according to Neuberger.
"To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations," she wrote.
Chris Grove, technology evangelist with the security firm Nozomi Networks, says once corporate leadership reaches this level of understanding, it can make the right decision if its company is hit with ransomware.
Grove points out that in many attacks, IT and security teams end up shutting down their entire operation out of an abundance of caution and to stop the malware from spreading, when this may not have been necessary.
"Those networks may have been able to resist the attack or may have been super-secure. But in the end, it doesn't matter. The attackers were able to shut down and impact infrastructure outside of the scope of their attack," he says.
U.S. and international firms have been rocked by a series of ransomware attacks that have directly affected millions of citizens. These include the ransomware attack on Colonial Pipeline Co. in May that shut down fuel distribution for much of the East Coast, followed this week when a ransomware attack forced the Brazil-based meat processing giant JBS to temporarily shut down operations across North America and Australia.
The memo suggests all companies should immediately adopt the five best practices as outlined in President Joe Biden's Executive Order on Improving the Nation's Cybersecurity.
- Utilize multifactor authentication;
- Adopt endpoint detection and response;
- Use encryption;
- Create a skilled and empowered security team;
- Share and incorporate threat information in your defenses.
In addition, Neuberger recommends that companies back up data system images and configurations, regularly test them, keep the backups offline, regularly patch and update systems, test the organization's incident response plan, bring in an outside pen tester and segment networks.