White House Warns Companies to Act Now on Ransomware Defenses

Last week, Mr. Biden acted through executive order in an effort to force some of those changes on the pipeline industry, using the Transportation Safety Administration’s oversight powers on the pipeline industry.

In the absence of comprehensive government mandates, however, cybersecurity practices have been voluntary. The result is that many businesses and other organizations have been, in effect, left to fend for themselves. And the latest ransomware attacks have exposed the extent to which American cities, town governments, police departments and even one of the ferry services between Cape Cod, Martha’s Vineyard and Nantucket have failed to erect sufficient defenses.

The latest attack on one of the world’s largest suppliers of beef, JBS, for example, was pulled off by a Russian group known as REvil, which has had great success breaking into companies using very simple means. The group typically gains access into large corporations through a combination of email phishing, in which it sends an employee an email that fools him or her into entering a password or clicking on a malicious link, and exploiting a company’s slowness to patch software.

REvil’s cybercriminals will often search for and exploit vulnerable computer servers or break in through a well-known flaw in Pulse Secure security devices, called a VPN, or virtual private network, that companies use in an effort to protect their data. The flaw was detected and patched two years ago, and flagged by American officials again last year after a series of cyberattacks by Chinese hackers. But many companies have still failed to patch it.

Yet a year later, many companies have still neglected to run the patch, essentially leaving an open window into their systems.

In the White House memo, titled “What We Urge You to Do Now,” Ms. Neuberger asked businesses to focus on the basics. One step is multifactor authentication, a process that forces employees to enter a second, one-time password from their phone, or a security token, when they log in from an unrecognized device.

It encouraged them to regularly back up data, and segregate those backup systems from the rest of their networks so that cybercriminals cannot easily find them. It urged companies to hire firms to conduct “penetration testing,” essentially dry runs in which an attack on a company’s systems is simulated, to find vulnerabilities. And Ms. Neuberger asked them to think ahead about how they would react should their networks be held hostage with ransomware.
