The Biden administration is calling on businesses to take measures against a growing ransomware threat across the United States, urging both private and public organizations to raise effective defenses against threat actors.
In an open letter to corporate executives and business leaders, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, notes that ransomware incidents have significantly increased in number and size, in America and across the globe.
The letter recalls recent devastating attacks on hospitals, pipelines and banks, noting that “the threats are serious and they are increasing.”
It also notes that the private sector “has a critical responsibility to protect against these threats,” and that “companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”
“To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations,” says Neuberger.
The letter includes the US Government’s guide to rapid progress on driving down risk, including several best practices from the President’s Executive Order issued May 12. Those include:
- Multifactor authentication – because passwords alone are routinely compromised
- Endpoint Detection & Response – to hunt for malicious activity on a network and block it
- Encryption – so if data is stolen, it is unusable
- A skilled, empowered security team – to patch rapidly, and share and incorporate threat information in your
“These practices will significantly reduce the risk of a successful cyberattack,” Neuberger writes.
IT administrators are urged to keep offline backups of important data, system images and configurations and regularly test them for signs of compromise.
The White House also instructs US companies to update and patch systems on a regular basis; test incident response plans; employ a pen testing team to check if a sophisticated attack can be stopped; and to segment networks to ensure that, if one network has been compromised, others continue operating.