BIDEN ADMINISTRATION ASKS BUSINESS LEADERS TO RAMP UP CYBERSECURITY
On Thursday, June 3, 2021, the Biden Administration’s Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, issued a clarion call to US businesses asking them to heighten their protocols and their efforts to protect their businesses from ransomware.
Ms. Neuberger’s open letter laid bare the private sector’s “critical responsibility” to protect against cyber threats. No company should consider itself immune to cybercriminals, and waiting to act until attacked is not a viable option. Ms. Neuberger’s appeal followed closely after several recent notorious ransomware cases. In May, a ransomware attack shut down the Colonial Pipeline’s fuel distribution to the East Coast for several days, causing panic buying in local areas and gasoline shortages in 12 states.
Elected officials praised Ms. Neuberger’s action, saying the open letter is evidence that the Biden administration is aware that ransomware is a serious problem for businesses generally and not just a threat to large corporations.
IT Experts Weigh In
Given the importance this discussion has for small business clients as well as enterprise corporations, Ulistic reached out to IT professionals for their perspectives on this escalating situation. There were a couple of cynics among the hopeful responses, such as the following:
“I think it will fall on deaf ears… Most companies think their protection is sufficient and will not add more layers to their cybersecurity until a breach or ransomware attack happens… Cybersecurity protection can be costly and, since the pandemic, companies are not looking to add costs … Also, we are in information overload, so most of the decision-makers are likely not listening to that conference.” — Nick Allo, Semtech IT Solutions
On the other hand, the Biden Administration’s plea seemed to strike a hopeful note for several IT commentators. It is significant, however, that IT professionals have a word of warning for the small business community: Do Not Wait Until You Are Attacked!
“As a cybersecurity consultant in the small business space, I welcome anyone who shines a spotlight on these threats. What you see in the news about these big high-profile companies being hit is really just the tip of the iceberg. We see small businesses being hit every day, it just doesn’t make the news. Unfortunately too many small businesses do not take cybersecurity seriously, until they are attacked. By then it’s too late. And the recommendations being proposed by the administration are reasonable and achievable by any small business, they just need to reach out to a cybersecurity company who specializes in small businesses…” — Adam A. Fadhli, President, Discovery Information Technologies
Preparations Are Critical
Preparing means accepting that cyberattacks are inevitable (not if, but when) for small businesses. Preparing means constructing the cybersecurity defenses that protect networks from permanently losing access to files in a ransomware attack and protect them against the need to pay a substantial ransom demand to get them back. Integral Networks suggested five basic steps to protect a small business’s network:
“Find and work with a reputable Managed Services Provider…[Their — ed] experience dealing with and recovering businesses that have been breached is a plus as they can help you navigate what you should put into place based on your business.
Put a proper security appliance (firewall) into place. If you’re not paying an annual license subscription for a firewall device that includes security services, it is worthless and not protecting you.
Email security filtering services. Link poisoning is a real thing, and employees are the #1 source of breaches.
Dark web ID Scanning for compromised credentials. If credentials are compromised you need to know… and make changes.
And last, implement multi-factor authentication.” — Bryan Badger, Integral Networks
It’s Not Too Late
Doomsayer critics of Ms. Neuberger’s plea about cybersecurity may want to paint the issue as dire and hopeless; however, the more hopeful voices are visionary.
“It’s better late than never! I was surprised and happy to hear the news about the White House’s call to increase cybersecurity because it’s always a struggle to convince business owners and leaders to spend additional money towards cybersecurity and hopefully this made it to everyone’s news feed.
Most businesses either think that this is a problem that other people have or that they don’t have data that anyone cares about. It’s only after a business has experienced a cybersecurity incident that they are open to investing in cybersecurity frameworks and tools. It’s very similar to the conversations I was having 15-20 years ago about backup and disaster recovery. It was only the businesses that lost data because of lack of backup that became open to having a conversation about recovery time objectives and recovery point objectives.
I hope the White House does more by encouraging state and industry regulation that enforces cybersecurity requirements like HIPAA, PCI, and now CMMC for Federal and DoD contractors.” — Eric Schuler, HRCT
The message that large and small companies need to bear away from Ms. Neuberger’s speech is that the government alone cannot protect every business against cybersecurity attacks. Businesses bear responsibility for their own networks, too. This is the opportunity for cybersecurity leaders to push the C-Suite to move ahead with plans to protect their networks.