BACKGROUND:
Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, has issued an open letter to corporate executives and business leaders on escalating ransomware attacks. The letter urges heightened vigilance and specific cybersecurity protection and prevention steps be taken immediately to protect US corporations against attacks. Experts with Gurucul and YouAttest offer thoughts and additional perspective.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>After the recent string of attacks on U.S. critical infrastructure, the Biden Administration <a href=\"https://www.cnbc.com/2021/06/03/ransomware-attacks-white-house-memo-urges-immediate-action-by-business.html\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.cnbc.com/2021/06/03/ransomware-attacks-white-house-memo-urges-immediate-action-by-business.html&source=gmail&ust=1622887114187000&usg=AFQjCNEA8lOhyZOfSt6GAHh4MtW3jA4f1g\">called on business leaders</a> directly to protect themselves from ransomware through a number of security best practices including Zero Trust Segmentation of their networks. With additional reports confirming President Joe Biden will address these attacks with Russian President Vladimir Putin in their upcoming meeting, it’s clear that the U.S. is “not taking any options off the table” in mulling over retaliation.</p> <p> </p> <p>In the future of cyber warfare, ransomware is adversaries’ weapon of choice. With that, and as reflected in the Biden Administration’s <a href=\"https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/&source=gmail&ust=1622887114187000&usg=AFQjCNHsp8MNxncfxalXI67agFxeShaWVQ\">Executive Order</a>, it is critical for U.S. federal agencies and the private sector to implement segmentation and Zero Trust into their cybersecurity infrastructures in order to combat the emerging and insidious threat of information warfare. </p> <p> </p> <p>This need for a Zero Trust posture is further reinforced by the fact that our complete reliance on detection and prevention techniques to find threats and stop bad actors is failing us. With nation-states operating at all time high levels of sophistication and impact, a failure to recognize this <strong>will</strong> result in a small incident turning into a catastrophic attack — with the power to impact human lives.</p>
<div class=\"gmail_attr\" dir=\"ltr\">Ransomware attacks against critical infrastructure represents a shift in attacker tactics that requires a shift in priorities. Previously, industries that prioritised uptime and availability to support their operations weren’t as harmed by data loss and breaches as long as their pipelines kept pumping and the factory lines kept moving forward. The <span class=\"il\">White</span> <span class=\"il\">House</span> is attempting to drive a shift in priorities for these industries that haven’t historically faced the same level of fallout for data breaches as financial institutions and medical companies.</div> <div> <p> </p> <p>These ransomware attacks show how dependent the US infrastructure is on private companies. These private incidents are proving to cause public harm and this memo signals that the government is interested in stepping in to protect the public interests. Unfortunately, as long as ransomware response is a budget line-item for these industries, these attacks will continue. It’s unclear what incentives or penalties can come out of anti-ransomware regulation, but if private lapses in due diligence continue to result in public breakdowns in critical logistics, industries that received little federal oversight for their IT operations could see additional attention in an attempt to minimize the threat caused by attacks against infrastructure and availability.</p> <p> </p> <p>Hopefully this memo is the first step towards a coordinated response against ransomware attacks, but the ultimate responsibility for eliminating these threats requires cooperation from many different entities; industry to perform due diligence, regulatory bodies to provide meaningful guidance and incentives, lawmakers to provide additional legal avenues for responses and damages, and even diplomatic efforts with foreign powers that turn a blind eye to these ransomware operators.</p> </div>
<p>The White House is calling for immediate actions enterprises should take to mediate the risk of ransomware and other attacks. One of the focus areas was the segmentation of networks. We have seen firsthand how current compliance measures intersect with new security initiatives such as Zero Trust and Micro-Segmentation. <wbr />Regulations themselves are not keeping up with these types of technical advances as there are no stated requirements for Zero Trust, but components of the best practices of Zero Trust are imbued into the regulations, and we need the tools and practices that allow our technology to meet our security needs while keeping in compliance.</p>
<p>These are all excellent recommendations. However, there is a missing element of proactive defense here. Organizations need to implement cyber defenses that can reduce the attack surface and detect ransomware attacks in real-time, not just prepare for quickly resuming operations after a ransomware attack. Modern security operations should include data science powered technology paired with traditional cyber defenses to thwart ransomware attacks. Privileged access management, continuous authentication, MFA, risky account discovery and cleanup, intrusion detection, behavioral analytics, data loss prevention, firewalls, Endpoint Detection and Response (EDR) or even better Extended Detection and Response (XDR) – all these are modern security measures needed to keep attackers from successfully penetrating corporate networks and interrupting operations. The technology is available. It’s just a matter of putting it in place and working diligently to identify and derail cybercriminals and malicious insiders before they derail you.</p>