National Security Warning: Ransomware is an Urgent Business Continuity Risk

The White House tells private-sector companies to review their cybersecurity posture as a major risk to business operations and resilience.

The White House explicitly warned corporate executives, business leaders and CISOs that companies need to treat the digital risks of ransomware attacks with greater urgency.

The head of cyber and emerging technology at the National Security Council, Anne Neuberger, wrote an open letter to companies on June 3, 2021, tying cybersecurity risk management to business continuity and operational resilience following back-to-back ransomware attacks in the US, on Colonial Pipeline and other companies in mid-May, and on a global food processor at the end of the month.

“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote. "We urge you to take ransomware crime seriously and ensure your corporate cyber defense match the threat."

The ransomware attack on Colonial Pipeline temporarily froze the gasoline supply in the Southeast and the company reportedly paid up to $5 million in ransom. IT systems that were hacked at JBS Foods forced shutdowns at nine meat plants in the US, and its operations in Australia were also affected.

"To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations," the NSC’s Neuberger wrote in the memo.

The White House is encouraging all companies to carry out recommendations it recently addressed in an executive order focused on cybersecurity, including updating systems and segmenting networks to isolate the operational parts of the networks. The Biden administration also said this week it is reviewing practices including pressuring countries, such as Russia, to not harbor ransomware attacks and to analyze cryptocurrency use by criminals.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” the NSC wrote in the memo to company leaders. 

“The U.S. Government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”

In April, a report defined ransomware attacks against critical infrastructure sectors as a serious threat to national security. In mid-May, President Biden issued an executive order on improving cybersecurity in partnership with the private sector. In May, NSC’s Neuberger addressed the administration’s global campaign to combat ransomware, modernize cyber defense and enhance IT  and software security.

Resources

• Blog: Putting the Cyber in Operational Resilience
• Blog: The importance of integrating cybersecurity, business continuity and vendor risk
• Learn the best practices in keeping employees informed and compliant with data privacy and protection in our recent webinar.
• More info: Information security compliance training 
• Risk management software for managing IT risk and cybersecurity

Learn more about our integrated risk management solutions, which can provide a holistic view of IT risk and cybersecurity, business continuity, and operational and enterprise risks. 

Or, contact us to see how SAI360 has helped organizations like yours.