On June 3, the Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology released an open letter to corporate executives and business leaders, imploring them to take immediate actions to address threats from ransomware urgently.
The letter underscores the broad and immediate risks and dangers of ransomware to corporate executives and business leaders. Businesses of all sizes, regardless of industry, should immediately follow the guidance and take steps to ensure that they are prepared to defend against and recover from a ransomware attack.
The private sector plays a significant role in defending against ransomware attacks.
To address the risk, businesses immediately should commence discussing and understanding the ransomware threat, review their security posture, and practice or create incident response plans and business continuity plans to ensure the ability to continue or quickly restore operations following an attack.
ESSENTIAL ACTIONS:
- Immediately implement the following security practices:
- Enable multifactor authentication (because passwords alone are routinely compromised),
- Deploy an endpoint detection & response system (to hunt for malicious activity on a network and block it)
- Encrypt all data, at rest and in use (so if data is stolen, it is unusable)
- Develop or seek a skilled, empowered security team (to patch rapidly, and share and incorporate threat information in your defenses)
- Backup your data, system images, and configurations frequently, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network.
- Update and patch operating systems, applications, and firmware as soon as possible and maintain the process consistently.
- Test your Incident Response Plan ( if you do not have one – develop a plan with urgency).
- Test your systems and environments for vulnerabilities and gaps. Ask your partners and vendors to do the same.
- Segment your Networks and Data.
