Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology, issued an open letter to corporate executives and business leaders on ways to protect against ransomware.
The letter notes that the number and size of ransomware incidents have increased significantly and that strengthening the nation’s resilience against cyberattacks is a top priority of President Joe Biden.
After outlining ways the federal government is working to disrupt and deter ransomware actors, Neuberger said, “The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy. Much as our homes have locks and alarm systems and our buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.
“The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,” Neuberger said. “To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue to quickly restore operations.”
The letter provided the following steps the government urged businesses to complete:
- Implement the five best practices from the president’s executive order, including multifactor authentication, endpoint detection and response, encryption, and a skilled, empowered security team.
- Back up data, system images and configurations, regularly test them and keep the backups offline.
- Update and patch systems promptly.
- Test your incident response plan.
- Check your security team’s work.
- Segment your networks.
“Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany and France, to pipelines in the United States and banks in the U.K.,” the letter states. “The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public. The U.S. government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”