Last week, White House sent out a memo addressed to Corporate Executives and Business leaders titled What We Urge You to Do To Protect Against The Threat of Ransomware.
You don’t have to be a news junkie to realize that ransomware incidents are on the rise. With recent attacks on the fuel pipeline and a major meatpacking company that resulted in disrupted operations affecting millions, it’s obvious cyber criminals are getting more brazen and finding their efforts to be fruitful.
Anne Neuberger, a cybersecurity adviser at the National Security Council said in the memo that “(a)ll organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location”.
In the memo, she lays out six steps organizations should take to minimize the risk of a cybersecurity incident:
- Implement the best practices from President Biden’s Executive Order:
These include 1) Implementing Multi-Factor Authentication to render stolen credentials insufficient for access; 2) Endpoint Detection and Response, a means of hunting for and blocking malicious activity on network devices; 3) Encryption to make stolen data unusable and; 4) a skilled, empowered security team to patch vulnerabilities quickly and incorporate threat information into defense strategies.
- Backup your data and test backups regularly
Employ a reliable backup strategy where data and system configurations are captured frequently and stored either offline or using incorruptible media.
- Update and patch systems promptly
Critical security patches are key to closing off vulnerabilities. Make sure your systems are patched as new patches are made available.
- Implement and test an incident response plan
It’s been said that no plan survives first contact, so have a plan and challenge it to make sure any discrepancies or gaps are uncovered and remedied.
- Check your security team’s work
Engage a 3rd party to challenge your networks security position with penetration testing.
- Where possible, segment your networks
Separate business functions from manufacturing / production / operations to limit exposure in the event a breach occurs.
On Tuesday June 22nd at 11 AM, we’ll be holding a 30-minute online cybersecurity workshop with Arctic Wolf Networks that specifically takes a look at how you can implement one of these recommendations – employing a skilled, empowered security team. Until recently, this was a function that only large enterprises could afford to support. Find out how Arctic Wolf makes this possible to every company, regardless of size.
Sign up is easy and there’s no cost. We hope to see you on the 22nd!