“The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, White House Memorandum, “What We Urge You To Do To Protect Against The Threat of Ransomware,” to Corporate Executives and Business Leaders, 02 Jun 2021.
Candidly, it shouldn’t come to the White House having to tell businesses and other organizations to take a threat seriously and to take action to mitigate the threat and prepare to effectively respond. That ransomware has been a serious threat has not been lost on anyone working in the security. The truth is, however, that many organizations have failed to reasonably and properly invest the time, effort and resources to prepare for a ransomware attack and effective response. There are a lot of reasons why that may be the case. The same is true when it comes to preparing for an active shooter, a pandemic, a natural disaster and any number of threats. There are a million excuses, a million reasons, a million “buts.”
“Everything before the word ‘but’ is horseshit.”Jon Snow, a character from Game of Thrones.
At Gate 15, we’ve been talking about ransomware for a long time, and the idea of cross-over effects from cyberattacks to physical consequences just as long. We refer to these as Blended Threats and you can read more about them on our blog (some samples below), or one of the many workshops we’ve conducted with partners around the country. The time for inaction or relying on insurance has certainly long past. Ransomware is not just targeting any one industry or only critical infrastructure. The diversity of threats was captured excellently by Allan Liska (@uuallan) on Twitter (03 Jun). On 02 Jun, the White House distributed a memorandum (complete memo below) sharing some explicit guidance. The memo encourages organizations to take action in a section stating, “What We Urge You To Do Now”.
- Implement the five best practices from the President’s Executive Order;
- Backup your data, system images, and configurations, regularly test them, and keep the backups offline;
- Update and patch systems promptly;
- Test your incident response plan;
- Check Your Security Team’s Work; and,
- Segment your networks.
See the accompanying post, our Gate 15 Risk Roundtable discussion from 07 Jun, for a host of additional references and resources.
Gate 15 on Blended Threats, “a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.” And see more from our blog and these recent posts:
- The Gate 15 Interview: Ransomware Running Rampant!
- Emerging Blended Threats: From TDoS to Insider Threats.
- Blended Threats: When Ransomware Kills…
- Blended Threats: That Time When Ransomware Shut Down Border Security…
- Blended Threats: Holding Buildings Hostage
Understand the Threats.
Assess the Risks.
Take action! Our team is here to help you build the relationships and capabilities you need and to assist in the development of plans, training, and exercises to support your ability to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk to your organization in our complex, all-hazards environment.