White House issues ransomware directive for businesses
The Biden administration aims to stem the parade of ransomware infections, data thefts and massive payouts to cybercriminal groups with a list of security best practices.
The White House issued a memo aimed at helping companies avoid the rising tide of ransomware infections.
The memo, penned by Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger, includes a number of recommendations for "corporate executives and business leaders" on how to avoid falling victim to ransomware attacks.
"All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy," Neuberger wrote.
"Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat."
Among the recommendations from Neuberger to the business community are common best practices, such as segmenting IT and operational technology networks, hiring outside penetration testers and consultants to test company defenses, and keeping both patches and backups current.
Although these recommendations are considered basic security measures, many companies have left them unheeded, as evidenced by the recent outbreak of malware infections everywhere from oil and gas pipeline companies to meatpacking facilities.
Among the more serious attacks were an outbreak of the Conti ransomware variant and a May attack that brought operations at Ireland's national health service to a crawl for weeks.
In addition, there was the Colonial Pipeline attack last month, which shut down one of the main oil pipelines in the U.S., triggering fears of a prolonged gas shortage. While IT operations were restored within a few days, it was later revealed that Colonial Pipeline executives had paid members of the DarkSide ransomware crew $5 million in cryptocurrency to resolve the matter.
"The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively," Neuberger wrote in the memo.
"To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations."
In addition to its efforts to curb the spread of ransomware, the Biden administration has also sought to improve the security of government IT networks by way of an executive order issued in May.
For Charlie Gero, CTO for security strategy at Akamai Technologies, both the executive order and the latest ransomware memo are a welcome change in how the U.S. government views data security.
"It is good having direction from the White House to call out the mitigations companies should put in place," Gero said. "I am shocked at the level of detail. It is very refreshing to see that, and I am glad that they are pushing for that."
Having the government at the forefront could help to speed up adoption of the security measures, as many companies that vie for government contract work will now be required to put in place security safeguards that will be extended to public services and operations.
As for the ramp-up time for adoption, Gero cautioned that some companies will take longer to get these security measures in place, particularly those in industries where technology is not the primary focus of the business.
"I like to think of tech companies as being digital first or not," he explained. "I am finding more and more with companies that use technology to support their products, technology is an afterthought and security is definitely an afterthought. Security tends to be reactive with a lot of buyers."