In the wake of recent, high-profile cybersecurity incidents—including crippling ransomware attacks— the White House issued an Executive Order on May 12, 2021, to address the urgency of stepping up cybersecurity measures.
This blog post will take a closer look at the implications of the Executive Order on Improving the Nation’s Cybersecurity.
As recent events show, ransomware is more destructive than ever. The Colonial Pipeline ransomware attack in May led to gas shortages and the suspension of critical operations along much of the eastern seaboard. Another ransomware attack paralyzed the City of Tulsa, taking vital business systems and many city services offline.
In San Diego, home to ESET’s North American headquarters, a ransomware attack on May 1 exposed the personal information of nearly 150,000 people in the Scripps Health system, shut down the website, and led to the delay or cancellation of countless appointments and medical procedures.
These incidents illustrate how ransomware attacks can go well beyond threatening our bank accounts and sensitive information. They can paralyze critical infrastructure, disrupt supply lines, and shut down day-to-day operations that entire cities, states and even countries depend on. They can even be life-threatening, particularly when they target hospitals and other healthcare organizations.
- Learn more about protecting your organization against ransomware
In its Executive Order (EO), the White House underscores the need for the cooperation of the private sector in helping to protect the US against cyberattacks. As the EO points out, these private firms make their own decisions about cybersecurity, and those decisions affect domestic critical infrastructure that people depend on each day.
What the Executive Order says
The government has made detailed recommendations for improvement in the following areas of public and private cybersecurity:
- Threat information sharing
- Information technology (IT) and operational technology (OT) modernization
- Software supply chain security
- Cybersecurity safety review board
- Standardized threat response playbook
- Improved detection on federal networks
- Investigation and remediation
You can get details on each topic in the Briefing Room Fact Sheet.
What the cybersecurity EO means for businesses
As of today, most cybersecurity measures remain voluntary in the private sector, which means firms are often on their own in terms of mitigating the fallout from any attacks. However, as these attacks shift from targeting data alone to larger-scale networks and infrastructure, there’s a need for greater cooperation between the public and private sector when it comes to threat prevention and response.
The 4 measures & technologies to prioritize
Until the federal government mandates cybersecurity measures for the private sector, government officials have urged businesses to step up cybersecurity measures in these key areas:
1. Multi-factor authentication
In many cases, bad actors only need to gain access to a network or device in order to do immense amounts of damage. This is why businesses need to consider implementing two-factor or multi-factor authentication. Under these authentication models, another credential—a code sent via SMS, for example, or a fingerprint—is needed in addition to the account holder’s password. This extra layer of authentication security alone can prevent unauthorized access via lost or stolen passwords or brute force attacks.
2. Endpoint detection & response (EDR)
Many cyberattacks go unnoticed until it is too late. An EDR solution can help to detect stealthy cyberattacks by continually collecting, analyzing and monitoring data from a large number of endpoints simultaneously. Using advanced threat analysis, EDR systems can trigger alerts and alarms to pinpoint and respond to more advanced and persistent threats that fly under the radar of automated cybersecurity systems. Read more about the importance of EDR here.
3. Encryption
Bad actors can’t use data if they can’t read it—that’s Encryption 101. By encoding files, messages, and other sensitive information, companies ensure that, even in the case of breach or a lost/stolen device, sensitive data is inaccessible without an encryption key.
4. Backup and recovery
You don’t want to find yourself in a situation such as the Colonial Pipeline incident, in which ransomware essentially paralyzed operations by blocking access to data. This is where a sound backup and recovery plan comes into play. While most organizations understand that backing up data is important, many simply don’t get around to doing it until it’s too late. Don’t be one of them. Keep your data backed up and your systems patched and updated.
Conclusion: Take action now
President Biden’s EO is a strong indicator of how urgent cybersecurity has become in both the private and public sector. If you haven’t already, you need to implement the four best practices mentioned above. Better yet, use the EO guidelines to re-examine your entire approach to cybersecurity. That includes assessing the security posture of any third-party vendors or contractors as well.
The unrelenting headlines about ransomware and other threats only confirm that no government or company is immune from catastrophic cyberattacks. The message is clear: If you haven’t already implemented a strong, multilayered security strategy, including educating your employees about cybersecurity, the time to start is now.