The White House: No Company Is Safe From Being Targeted By Ransomware

04 Jun 2021

 

The letter sent out on June 3rd by the US National Security Council's top cyber official, Anne Neuberger, leaves no doubt: no company is safe from being targeted by ransomware, regardless of size or location. Companies must be proactive when it comes to ransomware.

Quote from the US National Security Council's memo

In the memo, the US National Security Council urges companies to implement the following best practices:

  • Back up your data and keep the backups offline.
  • Use a risk-based assessment strategy to drive your patch management program.
  • Test your incident response plan.
  • Use a third-party pen tester to test the security of your systems and your ability to defend against a sophisticated attack.
  • Segment your networks.

 

* Read the complete recommendations in the US National Security Council's memo

Who Gets Hit and Why?

To understand what industries are the focal point of ransomware attackers, use this simple rule of thumb: if the industry is in the headlines, for good or for bad, it is at a higher risk.

For that reason, COVID-19 related targets were popular among cyber attackers in 2020. In the first quarter of 2021, though, we’ve seen a sharp shift in ransomware targets. So far in 2021, the operations of a few dozen industrial companies and critical infrastructure sites were disrupted by cyberattacks, more cases than in all of 2020. We’re also seeing that attackers cause more severe damage. Why? They understand that companies can’t afford any disruption to operations and are therefore more willing to pay the ransom. Indeed, Colonial Pipeline paid the hackers nearly $5 million in ransom. This dramatic rise in disruptive ransomware attacks probably explains why the new US administration takes this operational cybersecurity threat very seriously.

How Can You Prepare?

The best practices suggested by the White House are an excellent place to start. 

  • Back up your data and make sure the backup is stored in systems that are separate from the business’s network. Make sure that those systems are not connected to the internet. Don’t rely on memory to ensure that; use automated tools that identify systems that are unintentionally connected to the internet.
  • Use a risk-based assessment strategy. Trying to mitigate every security flaw in the network can result in a plan that takes months or years to execute, not to mention the costs. Prioritize the cybersecurity risks based on their actual impact on your business and their real potential to cause operational disruption.
  • Test the security of your systems and your cybersecurity pre-breach and post-breach plans.  Use third-party OT cybersecurity experts familiar with the complexity and uniqueness of operational networks, which are nothing like IT networks.
  • Use automated tools to make sure you apply proper network segmentation. Keep in mind that many of the recent attacks targeted IT systems but ended up with operations shutdown. Good segmentation and logical separation of the critical assets from IT systems can dramatically reduce the impact of a ransomware attack.
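As an added illustration of the automated backup-isolation and segmentation checks described above (not part of the memo and not OTORIO's tooling), the following Python sketch audits flow records against a zone policy. The address plan, the allowed zone pairs and the sample flow records are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): substitute your own zones.
ZONES = {
    "it": ipaddress.ip_network("10.0.0.0/16"),
    "ot": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "backup": ipaddress.ip_network("10.30.0.0/24"),
}

# Hypothetical policy: IT and OT meet only in the DMZ, IT may reach
# external hosts, and the backup zone talks to nobody outside itself.
ALLOWED = {("it", "dmz"), ("dmz", "it"), ("dmz", "ot"), ("ot", "dmz"),
           ("it", "external")}


def zone_of(addr):
    """Return the zone holding addr; anything outside the plan is 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def audit(flow_lines):
    """Return (src_zone, dst_zone, line) for each flow that breaks the policy."""
    findings = []
    for line in flow_lines:
        src, dst, _port = line.strip().split(",")
        pair = (zone_of(src), zone_of(dst))
        # Traffic inside one zone is not a segmentation question.
        if pair[0] != pair[1] and pair not in ALLOWED:
            findings.append((pair[0], pair[1], line.strip()))
    return findings


# Constructed sample flow records: src,dst,dst_port
SAMPLE_FLOWS = [
    "10.0.5.12,10.20.0.8,443",     # IT -> DMZ: allowed
    "10.20.0.8,10.10.3.4,502",     # DMZ -> OT: allowed
    "10.10.3.4,10.10.3.9,44818",   # inside OT: allowed
    "10.0.5.12,10.10.3.4,3389",    # IT -> OT directly: finding
    "10.30.0.7,203.0.113.9,443",   # backup -> external: finding
]

if __name__ == "__main__":
    for src_zone, dst_zone, flow in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {src_zone}->{dst_zone}: {flow}")
```

Because any address outside the plan is labelled external, an internal range missing from ZONES also surfaces as a finding, which is a prompt to update the inventory.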

 

How can OTORIO Help You?

OTORIO offers a combination of technology and advanced OT cybersecurity services, including risk assessment, segmentation evaluation, pen-testing and incident response. OTORIO offers an automated Security Assessment - OTORIO Spotlight. The Security Assessment is a short yet powerful offline process - with zero interference to your operational environment. Data from your systems is collected and analyzed using automated tools provided by OTORIO. The end result is a comprehensive view of risks, exposures, and vulnerabilities, along with a clear and feasible risk mitigation plan – all prioritized according to the potential impact of each risk on your business. The Spotlight risk assessment can dramatically speed the process of addressing the White House’s recommendations.

Companies looking for continuous risk and compliance monitoring, leveraging a more proactive approach, can opt for OTORIO’s RAM². This fully automated platform utilizes OTORIO’s patent-pending cyber digital twin, complete with a non-intrusive breach and attack simulation engine. The platform allows security teams to discover and address exposures before they become breaches, thereby significantly reducing the risk to continuous operations. 
