BACKGROUND:
Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, has issued an open letter to corporate executives and business leaders on escalating ransomware attacks. The letter urges heightened vigilance and specific cybersecurity protection and prevention steps be taken immediately to protect US corporations against attacks. Experts with Gurucul and YouAttest offer thoughts and additional perspective.
Experts Comments
These ransomware attacks show how dependent the US infrastructure is on private companies. These private incidents are proving to cause public harm and this memo signals that the government is interested in stepping in to protect the public interests. Unfortunately, as long as ransomware response is a budget line-item for these industries, these attacks will continue. It’s unclear what incentives or penalties can come out of anti-ransomware regulation, but if private lapses in due diligence continue to result in public breakdowns in critical logistics, industries that received little federal oversight for their IT operations could see additional attention in an attempt to minimize the threat caused by attacks against infrastructure and availability.
Hopefully this memo is the first step towards a coordinated response against ransomware attacks, but the ultimate responsibility for eliminating these threats requires cooperation from many different entities; industry to perform due diligence, regulatory bodies to provide meaningful guidance and incentives, lawmakers to provide additional legal avenues for responses and damages, and even diplomatic efforts with foreign powers that turn a blind eye to these ransomware operators.
Jamie Boote, Security Consultant
The White House is calling for immediate actions enterprises should take to mediate the risk of ransomware and other attacks. One of the focus areas was the segmentation of networks. We have seen firsthand how current compliance measures intersect with new security initiatives such as Zero Trust and Micro-Segmentation.
Garret F. Grajek, CEO
These are all excellent recommendations. However, there is a missing element of proactive defense here. Organizations need to implement cyber defenses that can reduce the attack surface and detect ransomware attacks in real-time, not just prepare for quickly resuming operations after a ransomware attack. Modern security operations should include data science powered technology paired with traditional cyber defenses to thwart ransomware attacks. Privileged access management, continuous authentication, MFA, risky account discovery and cleanup, intrusion detection, behavioral analytics, data loss prevention, firewalls, Endpoint Detection and Response (EDR) or even better Extended Detection and Response (XDR) - all these are modern security measures needed to keep attackers from successfully penetrating corporate networks and interrupting operations. The technology is available. It’s just a matter of putting it in place and working diligently to identify and derail cybercriminals and malicious insiders before they derail you.
Saryu Nayyar, CEO
After the recent string of attacks on U.S. critical infrastructure, the Biden Administration called on business leaders directly to protect themselves from ransomware through a number of security best practices including Zero Trust Segmentation of their networks. With additional reports confirming President Joe Biden will address these attacks with Russian President Vladimir Putin in their upcoming meeting, it’s clear that the U.S. is “not taking any options off the table” in mulling over retaliation.
In the future of cyber warfare, ransomware is adversaries’ weapon of choice. With that, and as reflected in the Biden Administration’s Executive Order, it is critical for U.S. federal agencies and the private sector to implement segmentation and Zero Trust into their cybersecurity infrastructures in order to combat the emerging and insidious threat of information warfare.
This need for a Zero Trust posture is further reinforced by the fact that our complete reliance on detection and prevention techniques to find threats and stop bad actors is failing us. With nation-states operating at all-time high levels of sophistication and impact, a failure to recognize this will result in a small incident turning into a catastrophic attack -- with the power to impact human lives.
Andrew Rubin, CEO