Companies Must Bolster Their Cyber Defenses

On March 21, 2022, the White House warned American companies to prepare for potential Russian cyberattacks and strengthen their defenses. The statement highlighted these risks following sanctions imposed on Russia by the U.S. and its allies. These sanctions follow Russia’s widely condemned invasion of Ukraine and are significantly impacting the Russian economy. Despite this, Russia has previously attacked American businesses and governments, so anticipate additional attacks. The U.S. government urges all American businesses, large and small, to prepare their own cyber defense and layered security strategy.

Past White House Actions

The statement highlighted the White House’s actions to protect Americans and American businesses from cyberattacks, including:

  • Executive orders aim to modernize and enhance the cybersecurity of every aspect of the federal government.
  • Public-private cybersecurity plans target improvements across various critical infrastructure components, including electricity, energy, and water pipelines.
  • Mandates that all government agencies use new cybersecurity measures.
  • Increased cooperation among allies, especially the G7 nations, aims to better coordinate efforts to prevent international cyberattacks.
  • Increased coordination and resource provision with the private sector, specifically by working on expanding and enhancing the CISA Shields Up campaign. This effort — promoted by the Cybersecurity & Infrastructure Security Agency — is meant to give private businesses guidance about the types of cybersecurity measures they can take and resources where they can find these measures.

The Whitehouse statement also noted that even the most robust government defenses cannot stop all attacks. As such, all American businesses are asked to “execute the following steps with urgency.”

  • Require that all company devices and networks use multi-factor authentication (MFA) to gain access. Multi-factor authentication usually requires the use of two devices to gain access to a company network or company data, thus making hacking a company’s network much more difficult.
  • Ensure that all security measures and patches are as up-to-date as possible and consistently update all devices frequently.
  • Work with professionals to ensure that security measures are as robust and complete as possible. This may involve investing more time and money into cybersecurity efforts, but this is likely an expense well worth making, particularly in today’s perilous cybersecurity world
  • Work to ensure the cyber resiliency of their computer networks. This requires consistently backing up all data and using off-site backups to ensure the best protection.
  • Conduct all appropriate cybersecurity risk assessments and cybersecurity training.
  • Plan for a cyber attack. Train staff and develop strategies and procedures for responding to network attacks, breaches, or outages. This may include notification policies if foreign actors access sensitive customer data. 

Long-Term Measures Needed

Finally, the statement noted the need for long-term cooperation from the private sector to boost America’s cybersecurity systems for the foreseeable future. These long-term investments include:

  • Integrate cybersecurity into the entire product development cycle, making it an essential component rather than an afterthought. This saves time, money, and work, all while reducing risk.
  • Using software that has as limited access as possible. This approach prevents bad actors from accessing critical systems and stops individuals with access to your data or network from leaking information, whether accidentally or intentionally.
  • Use the most modern security tools available and create procedures that ensure your business will constantly be on the lookout for new security upgrades. These procedures can make it so that you routinely look to upgrade your security.
  • Ensuring that all developers who use open-source software and coding list where they got their code from, thus making it easy to patch code later down the line. Develop procedures with your software developers to keep them engaged with your organization. Create procedures with your software developers that will ensure they stay in touch with your business or organization and can protect their software or code if it is later found to be compromised. 

Resources Are Available

Unfortunately, as has been noted by numerous articles on the subject, the vast majority of businesses say that they are unprepared for a cyberattack. This is understandable: Preparing a cyber defense is beyond the capabilities of most small businesses, which often don’t understand how to implement SEC guidance on cyber security threats, add multi-factor authentication, or engage in appropriate cybersecurity risk assessments. All of this helps to drive home the need for businesses to find appropriate guidance from outside experts who understand cyber security and can help provide small businesses with the resources they need. 

If your business wants to enhance its cybersecurity strategy, including conducting a risk assessment or exploring cyber insurance, vTECH io offers a range of free resources to guide you in implementing best practices. Check out our free resources, and contact us today if you have more questions and are looking for more information.