White House Issues Open Letter to Corporate and Business Leaders Highlighting Ransomware Threat

By Chase Millea and Anthony S. Caldwell

Following a series of high-profile ransomware attacks – where an organized criminal group or nation-state actor encrypts a company’s network and data and threatens to expose or delete it unless the company pays ransom – Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger released an open letter (“Letter”) to corporate and business leaders nationwide calling on companies to take immediate steps to protect against the threat of ransomware. The Letter comes on the heels of disruptive ransomware incidents that targeted a major oil pipeline company and a meat supplier.

The Letter outlines “high impact” steps companies can take to mitigate the threat of ransomware, including:

• Implementation of multi-factor authentication (e.g., requiring authentication through a mobile device);
• Endpoint detection and response (to seek out and avert threats on a network);
• Encryption (so if identifiable or other data is stolen it cannot be used); and
• A skilled, empowered security team.

The Letter also urges companies to:

• Back up data, regularly test backup procedures, and keep backups offline;
• Update and patch systems promptly;
• Test their organization’s incident response plan;
• Use a third party to test the security of your organization’s systems; and
• Segment networks to limit exposure in the event of an attack.

Practical Takeaways

These recommendations are good considerations when developing and implementing strategies to protect against ransomware and other cyber risks to their business, IT systems and data. Organizations may also consider efforts to improve their workforce’s knowledge of cyber risks to mitigate intentional and/or inadvertent cyber risk(s) to the organization. Finally, organizations may consider engaging cybersecurity and legal advisors to provide further guidance in these areas.