Companies are urged to strengthen their cyber defenses

In a statement on March 21st, 2022, the White House warned American companies to prepare for potential Russian cyberattacks and to boost their cyber defenses.

The statement specifically noted the possibility of these attacks in the wake of sanctions placed on Russia by the United States government and allies. These sanctions come after Russia’s widely condemned invasion of Ukraine and are believed to be having a major impact on the Russian economy. However, Russia has attacked American businesses and governments in the past, and additional attacks can now be expected. As a result, the United States government formally urges all American businesses — large or small — to prepare their own cyber defense and layered security strategy.

Past White House Actions

The statement highlighted the White House’s actions to protect Americans and American businesses from cyberattacks, including:

  • Executive orders that are designed to modernize and improve the cybersecurity of all aspects of the federal government.
  • Combined public-private cyber security plans that are meant to improve the cybersecurity of a variety of critical infrastructure components, including electric, energy, and water pipelines.
  • Mandates that all government agencies use new cybersecurity measures.
  • Increased cooperation among allies — and particularly the G7 nations — that is meant to better coordinate efforts to stop cyberattacks on an international level. 
  • Increased coordination and resource provision with the private sector, specifically by working on expanding and enhancing the CISA Shields Up campaign. This effort — promoted by the Cybersecurity & Infrastructure Security Agency — is meant to give private businesses guidance about the types of cybersecurity measures they can take and resources where they can find these measures.

Recommended Business Actions

The Whitehouse statement also noted that even the most robust government defenses cannot stop all attacks. As such, all American businesses are asked to “execute the following steps with urgency.”

  • Require that all company devices and networks use multi-factor authentication (MFA) to gain access. Multi-factor authentication usually requires the use of two devices to gain access to a company network or company data, thus making hacking a company’s network much more difficult.
  • Ensure that all security measures and patches are as up-to-date as possible and consistently update all devices frequently.
  • Work with professionals to ensure that security measures are as robust and complete as possible. This may involve investing more time and money into cybersecurity efforts, but this is likely an expense well worth making, particularly in today’s perilous cybersecurity world
  • Work to ensure cyber resiliency of their computer networks. This means having all data consistently backed up and potentially using off-site backups to protect data best.
  • Conduct all appropriate cybersecurity risk assessments and cybersecurity training.
  • Plan for a cyber attack. This means training staff and developing the appropriate strategies and procedures for what to do if a network is attacked, breached, or taken down. This may include notification policies in the event that foreign actors access sensitive customer data. 

Long-Term Measures Needed

Finally, the statement noted the need for long-term cooperation from the private sector to boost America’s cybersecurity systems for the foreseeable future. These long-term investments include:

  • Ensuring that cybersecurity is considered throughout an entire product development cycle, not just as something that is added in but something that is part of a product’s entire development. This saves time, money, and work, all while reducing risk.
  • Using software that has as limited access as possible. This can limit the possibility that a bad actor can access critical systems while also ensuring that information cannot be leaked — accidentally or intentionally — by someone else who has access to your data or network.
  • Using the most modern security tools available and create procedures that ensure your business will constantly be on the lookout for new security upgrades. These procedures can make it so that you routinely look to upgrade your security.
  • Ensuring that all developers who use open-source software and coding list where they got their code from, thus making it easy to patch code later down the line. Create procedures with your software developers that will ensure they stay in touch with your business or organization and can protect their software or code if it is later found to be compromised. 

Resources Are Available

Unfortunately, as has been noted by numerous articles on the subject, the vast majority of businesses say that they are unprepared for a cyberattack. This is understandable: Preparing a cyber defense is beyond the capabilities of most small businesses, which often don’t understand how to implement SEC guidance on cyber security threats, add multi-factor authentication, or engage in appropriate cybersecurity risk assessments. All of this helps to drive home the need for businesses to find appropriate guidance from outside experts who understand cyber security and can help provide small businesses with the resources they need. 

If your business is interested in doing more to improve its cybersecurity strategy, including conducting a cybersecurity risk assessment or examining cyber insurance, vTech IO has a slew of free resources to help guide you through implementing recommended cybersecurity best practices. Check out our free resources, and contact us today if you have more questions and are looking for more information.