On Monday, President Joe Biden urged US businesses to increase cyber security vigilance amidst intelligence about attacks on American companies. Biden described the magnitude of the threat as “fairly consequential” and stated “it’s coming”, referring to a potential large-scale cyber breach.
The President directed organizations to invest “as much as you can” in closing cyber security gaps and in advancing technological capacities to guard against attacks.
“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience,” explained Biden.
White House release
In the corresponding release, White House officials urged companies to mandate the use of multi-factor authentication, to backup and encrypt data and to educate workforces about common cyber criminal schemes and tactics, among other initiatives.
The exact nature of the US intelligence remains unclear, however, in Monday’s White House briefing, deputy national security advisor Anne Neuberger stated that foreign adversaries have conducted “preparatory activity” for cyber attacks.
Experts believe that adversaries may be exploring opportunities for potential cyber attacks directed towards critical infrastructure in the United States, yet simultaneously tempered the sentiment by noting that there is no certainty around exactly which sector/s may be targeted.
Last week, the Biden administration privately engaged in classified briefings with select companies and sectors, providing practical insights and advice regarding cyber security threats.
The US government will continue with efforts to provide resources and tools to the private sector, and encourages business leaders to engage with CISA’s Shields-Up campaign.
Advancing your security
In times of cyber uncertainty, ensure that you take as many steps as possible in order to advance your security. The White House recommends that organizations complete the following with urgency:
- Deploy modern security tools across all environments and devices.
- Ensure that systems are up-to-date with the latest patching and that systems are effectively protected from all known vulnerabilities.
- Change passwords across networks in order to mitigate threats associated with previous password thefts.
- Backup data end ensure that offline backups cannot be tampered with by remote threat actors.
- Encrypt data to ensure that any stolen information cannot be used for nefarious purposes.
- US-based companies should implement security practices mandated in the President’s executive order titled Improving our Nation’s Cybersecurity.
Further, organizations may wish to reach out to trusted security partners for additional recommendations that can help rapidly resolve security issues, gaps or concerns.
This White House cyber security push occurs just days ahead of Biden’s scheduled trip to Brussels for a NATO summit on Thursday, after which he will head to Poland for diplomacy engagements.
“We have to work together and assume that bad things will happen, assume there will be cyber attacks, assume there will be disruptive activity,” says Jen Easterly the Director of the US cyber defense agency.
While vigilance fatigue can befall cyber security practitioners, Easterly and others encourage professionals to maintain the high tempo of extreme preparedness.
Get more information about preventing ransomware attacks from Gartner. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.