The letter sent out on June 3rd by the US National Security Council's top cyber official, Anne Neuberger, leaves no doubt: No company is safe from being targeted by ransomware, regardless of size or location. Companies must be proactive when it comes to ransomware.
Quote from the US National Security Council's memo
In the memo, the US National Security Council urges companies to implement the following best practices:
* Read the complete recommendations in the US National Security Council's memo
To understand what industries are the focal point of ransomware attackers, use this simple rule of thumb: if the industry is in the headlines, for good or for bad, it is at a higher risk.
For that reason, COVID-19 related targets were popular among cyber attackers in 2020. In the first quarter of 2021, though, we’ve seen a sharp shift in ransomware targets. So far in 2021, the operations of a few dozens of industrial companies and critical infrastructure sites were disrupted by cyberattacks - more cases than in 2020 together. We’re also seeing that attackers cause more severe damage. Why? They understand that companies can’t afford any operations disruption and are more willing to pay the ransomware. Indeed, Colonial Pipeline paid the hackers nearly $5 million in ransom. This dramatic rise in disruptive ransomware attacks probably explains why the new US administration takes this operational cybersecurity threat very seriously.
The best practices suggested by the White House are an excellent place to start.
OTORIO offers a combination of technology and advanced OT cybersecurity services, including risk assessment, segmentation evaluation, pen-testing and incident response. OTORIO offers an automated Security Assessment - OTORIO Spotlight. The Security Assessment is a short yet powerful offline process - with zero interference to your operational environment. Data from your systems is collected and analyzed using automated tools provided by OTORIO. The end result is a comprehensive view of risks, exposures, and vulnerabilities, along with a clear and feasible risk mitigation plan – all prioritized according to the potential impact of each risk on your business. The Spotlight risk assessment can dramatically speed the process of addressing the White House’s recommendations.
Companies looking for continuous risk and compliance monitoring, leveraging a more proactive approach, can opt for OTORIO’s RAM². This fully automated platform utilizes OTORIO’s patent-pending cyber digital twin, complete with a non-intrusive breach and attack simulation engine. The platform allows security teams to discover and address exposures before they become breaches, thereby significantly reducing the risk to continuous operations.
Click here to schedule a complimentary consultation call with one of our experts to plan your response to the new directives.