Following on the release of its Executive Order on Improving the Nation’s Cybersecurity, which was informed heavily by the Institute for Security + Technology’s Ransomware Task Force Report, the Biden administration has distributed a memo to the private sector urging specific actions to mitigate the impacts of the surge in criminal attacks on US and global organizations.
This whole-of-government response is intended to address cybercrime head-on, treating it like the critical national security issue it has become, and setting an example that can be adopted by other nations around the world.
While ransomware has been around since 1989, its use and sophistication have exploded in the past several years. Starting in 2013, CryptoLocker changed the game by introducing cryptocurrency as the ransom payment, dramatically increasing the ease of collection while lowering traceability and risk to the attackers. Permissive environments in places like the former Soviet Union, Iran, and North Korea injected a geopolitical element into the problem, where attackers enjoy tacit approval to attack Western entities as long as they don’t harm internal organizations.
The result has been an explosion of ransomware attacks, including high-profile incidents such as Colonial Pipeline, JBS, and the Steamship Authority serving Martha’s Vineyard and Nantucket. Schools, hospitals, and municipalities are also popular targets because they often don’t have the budget for robust security systems, and their services are essential to health and safety. Corporations are targeted due to their deep pockets (often augmented by cyber insurance) and their propensity to pay the ransoms to avoid an impact on public perception.
The Biden administration memo to business leaders in the private sector is another step in addressing the dangers of ransomware. While the May 2021 Executive Order addresses the government issues around policy, information sharing, and government purchasing, the new memo provides important guidance to the private sector, providing executives with five best practices for safeguarding against these types of attacks. According to CNBC, these five best practices are:
- Back up your data, system images, and configurations, regularly test them, and keep the backups offline
- Update and patch systems promptly
- Test your incident response plan
- Check your security team’s work
- Segment your networks
The Executive Order, this memo, and other investments that the Biden administration is making in cybersecurity (including the $9.8 billion it’s proposing to modernize government IT systems) show how focused the government is on actively combating cyber threats. The challenge is a big one; hacker groups are now offering their ransomware expertise as a service. This ransomware-as-a-service (RaaS) offering allows even unskilled, low-level hackers and technologists to take down entire organizations and demand millions of dollars in ransom to restore operations.
For organizations seeking to follow the advice in the memo, companies like NetWitness help them stay a step ahead of cyber threats. Incident Response and Cyber Defense Services from NetWitness can help companies proactively prepare for cyber threats like ransomware, and Incident Response Retainers can provide confidence that organizations can minimize damage and restore operations in the event of an attack. Our team of world-class threat hunters, analysts, and researchers helps reduce business risk and improve overall security by identifying, mitigating, and eradicating threats, advancing risk management programs, and fulfilling compliance requirements. Most importantly, though, our team is helping organizations follow all the best practices the White House memo outlines.
You can also learn more about how the NetWitness Platform detects ransomware attacks, and get an in-depth look at more best practices you should start following now through the RSA Link Community.