Cybersecurity

White House sends out memo to private sector on cyberattack protections

The White House has sent out recommendations to the private sector over how to protect themselves from cyber intrusions after a series of attacks left companies and government agencies vulnerable. 

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger in a memo obtained by The Hill sounded the alarm over recent high-profile attacks against places like Colonial Pipeline and SolarWinds and said the private sector must recognize the dire threat that hacks pose to its companies.

“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” she wrote. “Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”

“To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”

Among the steps Neuberger said companies should take are implementing multifactor authentication, bolstering security teams, regularly testing backups and updating patches, testing incident response plans and separating and limiting internet access to operational networks.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” wrote Neuberger. 

“The U.S. Government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices,” Neuberger added.

The guidance comes amid a string of concerning cyber intrusions that have targeted systems operated by both the federal government and private companies. 

Colonial Pipeline, which supplies around 45 percent of the East Coast’s fuel, temporarily shut down its operations last month after a ransomware attack carried out by a Russian-based criminal group targeted some of its data. JBS USA, the nation’s largest beef supplier, was hit by a similar ransomware attack this week that is believed to have also originated from Russia.

Ransomware attacks have spiked during the coronavirus pandemic as hackers target vulnerable and critical organizations they believe are more likely to pay up to regain access to their networks and data.