In June, Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, issued a memo on behalf of the White House urging corporate executives and business leaders to take immediate steps to prepare for ransomware attacks. The memo warned that cybercriminals are shifting from stealing data to disrupting core operations. The memo incorporates five best practices recommended by the U.S. Government in President Biden’s Executive Order issued on May 12, 2021. They are as follows:
Back up data, system images and configurations. Regularly test them and keep backups offline. Ensuring that backups are regularly tested and not connected to the business network is critical, as many ransomware attacks attempt to encrypt or delete accessible backups. Storing backups offline allows an organization to restore its systems, even when networks are encrypted with ransomware.
Update and patch systems promptly. Include operating systems, applications and firmware in the timely updating of security patches. Consider a centralized patch management system and use a risk-based assessment strategy to drive patch management.
Test incident response plans. Testing is critical to identify security gaps. Run through core questions and use answers to build a response plan. Good questions to ask include: Can business operations be sustained without access to certain systems? For how long? Would manufacturing operations be turned off if business systems such as billing were offline?
Check the security team's work. Use a third-party pen tester to test the security of systems and the ability to defend against a sophisticated attack.
Segment networks. Ransomware attacks have shifted from stealing data to disrupting operations. It is critical to separate corporate business functions and manufacturing production operations. Filter and limit access to operational networks, identify links between those networks, and develop workarounds or manual controls to ensure networks can be isolated and continue to operate if the corporate network is compromised.
By no means is this meant to be a political post. Rather, the five best practices herein are recommended by top cybersecurity professionals. Moreover, local governments can adopt these best practices as well…and should. While your IT team is probably aware of these practices already, as a policymaker you will want to assure them that you are behind them 100% and adopt some effective policies and response plans. For more information on how you can prevent and respond to a ransomware attack, visit this CISA website.