White House Urges Companies to Prepare for Cyberattacks
Deputy National Security Advisor Responds to Growing National Security Threats
The White House issued a strongly worded memo in 2021 about the need for companies to protect themselves from ransomware. The memo was sent from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Adviser for Cyber and Emerging Technology, and an alumnus of Touro's Lander College of Arts and Sciences (LAS). The document was issued in response to the recent spate of high-profile ransomware hacks and offered some first step best practices for organizations to protect themselves.
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” the memo stated. “Under President Biden’s leadership, the Federal Government is stepping up to do its’ part, working with like-minded partners around the world to disrupt and deter ransomware actors. These efforts include disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds.”
How Neuberger Recommends Preparing for Malicious Activity
More recently, and in light of the potential future cybersecurity issues with a hostile Russia, Neuberger emphasized how important it is to follow these guidelines, and encouraged businesses to follow the same procedures as the federal government when preparing for cyber attacks.
Five Cybersecurity Best Practices
In the 2021 memo, Neuberger highlighted some of the procedures mentioned in the video, and offers additional crucial best practices businesses should follow:
Backing Up Data and Keeping Backups Offline
Keeping backups offline and testing them regularly is vital as ransomware operators typically encrypt or delete backups. In case of a ransomware attack, having an offline backup ensures that your organization can easily bring systems back online.
Update and Patching Systems Promptly
Maintaining and updating the security of operating systems and firmware can prevent many bad actors from accessing unpatched security loopholes. The memo advises the use of a centralized patch management system.
Test Incident Response Plan
“There’s nothing that shows the gap in plans more than testing,” the memo explains. Businesses should ask core questions to complete an incident response plan. Can a business continue without access to certain systems? How long? If a business system was turned offline, what happens to other operations?
Using a Third-Party to Test Security Team’s Work
Having a third party test the security of your system is a surefire way to find your system’s vulnerabilities. “Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors,” the memo states.
Segmenting Networks
The memo notes that recent ransomware operations have shifted from stealing data to operation disruption. By separating business and manufacturing/production operations, companies can limit internet access to networks, identity connections, and develop workarounds in case of a hack, ensuring that if the worst-case scenario ransomware attack occurs, critical functions can continue unimpeded.
A Dire Need for Cybersecurity Efforts
There are two key components necessary to address this issue. One is that companies need to take cybersecurity seriously and invest in it with adequate resources. Secondly, there needs to be more highly educated cybersecurity experts ready to address the scourge of ransomware attacks we’re currently facing.
Unlike some other STEM fields, a cybersecurity bootcamp and certification is sometimes all that’s needed to get started in the field. But of course, completing a graduate certificate program is one of the best ways to qualify for relevant job opportunities. The Touro College Illinois graduate certificate program in cybersecurity for healthcare addresses the critical needs of the sector. We can prepare you with the cybersecurity knowledge that’s relevant today, and help you join this growing field.