Amid a spike in ransomware attacks globally, the White House is urging companies to do their part in strengthening the cyber defenses of their organizations for themselves, the public and the economy.
“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” Anne Neuberger, deputy assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, wrote in a June 2 letter to “Corporate Executives and Business Leaders.”
Neuberger cited the Biden administration’s efforts to work with international partners to combat the threat of ransomware and highlighted recent cyber-attacks on a pipeline in the U.S., hospitals in Ireland, France and Germany, and banks in the United Kingdom as examples of the burgeoning threat.
Neuberger also called on business leadership teams to meet to review and understand their cyber risks and how they will continue to function and quickly resume operations in the event of an attack. “The most important takeaway from the recent spate of ransomware attacks…around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,” she said.
The letter offers six recommendations for immediate implementation, including following best practices outlined in President Joe Biden’s recent executive order aimed at strengthening cybersecurity within the federal government. These best practices include the adoption of multifactor authentication, the use of tools for endpoint detection and response, encryption, and an “empowered security team” that quickly updates network software and shares threat information.
The Washington Post on Thursday first reported Neuberger’s letter, which was later made available to media.
The other recommendations include regular data backups, rapid software patching, exercising incident response plans, third-party assessments of a company’s security team’s work, and network segmentation to separate corporate administration and business from operational technology.
“The U.S. Government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone,” Neuberger said. “The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”