As ransomware attacks rise, the White House is urging the private sector to do more to protect against the escalating threat and ease the burden placed on federal law enforcement and cybersecurity officials.
Anne Neuberger, deputy assistant to President Biden and Deputy National Security Advisor for Cyber and Emerging Technology, wrote in a letter to corporate executives and business leaders that the federal government needs the private sector’s help to stem the tide of ransomware attacks and disincentivize bad actors from conducting them in the first place.
“The private sector also has a critical responsibility to protect against these threats,” Neuberger wrote. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”
Neuberger calls on companies to implement best practices outlined in President Biden’s executive order on improving the nation’s cybersecurity, which is being implemented in federal agencies. Those include multi-factor authentication, endpoint detection and response, encryption and hiring a skilled security team.
Here’s Neuberger’s full letter to business leaders: pic.twitter.com/G3AWzwRLwm
— Alexander Marquardt (@MarquardtA) June 3, 2021
Private organizations are also urged to:
- Back up data, system images and configurations, and regularly test the backups. Backups should be kept offline.
- Update and regularly patch systems.
- Test incident response plans.
- Check the security team’s work with a third-party penetration tester.
- Segment networks.
The letter also included a fact sheet on the executive order and other guides and resources from the Cybersecurity and Infrastructure Security Agency.
Neuberger wrote that business executives need to address these issues immediately, discussing the rising threat of ransomware and reviewing their organization’s corporate security posture, so that private organizations critical to the health and safety of the country are able to stay online safely.
The letter comes after several high-profile ransomware attacks that took organizations offline and demanded hefty ransom payments. Those include the attack on Colonial Pipeline, the largest pipeline operator on the East Coast, which was forced to go offline after it was hit with ransomware last month. The company reportedly paid more than $4 million in ransom.
Other victims include European government agencies, Brazilian meat processor JBS, Bose and more.
“The threats are serious and they are increasing,” Neuberger wrote. “We urge you to take these critical steps to protect your organizations and the American public. The U.S. Government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”