Backup, Separate, & Secure: White House Cyber Recommendations Reach The Private Sector – Technology | #microsoft | #hacking | #cybersecurity



United States:

Backup, Separate, & Secure: White House Cyber Recommendations Reach The Private Sector


To print this article, all you need is to be registered or login on Mondaq.com.

On Wednesday, June 2, Deputy National Security Advisor for Cyber
and Emerging Technology Anne Neuberger released an open letter encouraging
businesses within the private sector to adopt immediate protections
against ransomware and other cybersecurity threats. The
recommendations in the letter are helpful and highlight high-level
lessons learned from the increasing frequency and severity of
ransomware attacks. They also remind us of the need to continuously
assess the risk of online threats and implement a comprehensive
approach to cybersecurity to mitigate the risk, including the
deployment of enhanced security controls to meet evolving malicious
technology. 

Neuberger’s letter follows a May 12 Executive Order, which directed
government contractors to adopt heightened cybersecurity measures
and greater collaboration with federal intelligence agencies in the
coming months. The June 2 letter, titled “What We Urge You To
Do To Protect Against The Threat of Ransomware,” urges private
companies to adopt many of the same measures that will be applied
to federal contractors by the President’s Executive Order. The
suggested policies can be broken down into three general action
plans: backup, separate, and secure. 

The first of Neuberger’s suggestions calls for the five best
practices from the President’s Executive Order – each of
which have been found to be necessary and effective in detecting
and defending against ransomware attacks: 

  • implement multi-factor authentication;

  • implement heuristic-based endpoint detection and response
    tools;

  • implement encryption to protect data that may be stolen;

  • engage a skilled security team to patch rapidly and
    continuously update security controls; and

  • share and incorporate threat information in establishing
    defenses.

The second set of suggestions calls for the consistent backup
and encryption of any digital information maintained by the
business. This backup data should include not only client files or
other consumer information, but also system images and settings.
Any operational data, organizational or otherwise, should have at
least one additional encrypted copy. Businesses should routinely
test these backups, ensuring they work in case filing systems and
data need to be restored after a ransomware attack. This backup
data, and any digital company resources in general, should be
maintained separately. Though network-based backup systems are
convenient, particularly for larger enterprise systems, Neuberger
notes that ransomware attacks commonly target and delete backups
that are accessible from a main network, leaving businesses with no
ability to restore compromised systems. Consequently, in addition
to network-based backups, business should ensure current backup
data is stored separately offline, maintaining the option of a
system-wide restore in the case of a ransomware lockout. Consistent
with this, the 3-2-1 backup rule should be considered. This rule
provides that a business should have three copies of its data
– its production data and two backup copies, on two different
media, with one copy offsite for disaster recovery.

The June 2 letter also includes a lesson from recent events,
like the March 2 alert pertaining to Microsoft Exchange
vulnerabilities. The letter recommends that businesses should
promptly update and patch their operating systems, applications,
firmware, and other related software. These system-wide patches and
updates provide the most up-to-date security features and may close
potential loopholes that attackers could use to enter into a
business’ system.

The letter also emphasizes the importance of a basic information
security principle: network segmentation. Networks used for
business functions, for example, should be kept separate from those
used for manufacturing and production. That way, a cyber attack on
one network will not affect overall operations of the business,
maintaining the status quo until the attack is resolved.

Finally, Neuberger’s general suggestions indicate an
increased emphasis on security through localized security response
teams and third-party vulnerability testing. In addition to local
encryption and standard password protection, businesses are
encouraged to create their own security teams and develop incident
response plans. 

In forming these plans, company teams should conduct a risk
assessment to determine which systems are most likely to be
attacked, which information is the most critical to normal business
functions, and how to keep the business operational in the case of
a ransomware attack. Lewis Brisbois’ Data Privacy &
Cybersecurity Team is experienced in working with businesses to
maximize data security and protect against cyberattacks, including
the development of incident response plans and testing the plans
through table top exercises.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from United States



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

thirty − = twenty five