“The number and size of ransom-ware incidents have increased significantly, and strengthening our nation’s resilience from cyberattacks – both private and public sector – is a top priority of the President’s,” the memo began, before outlining recommendations to mitigate risk.
“To understand your risk,” the memo states, “business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”
Following is a section titled “What We Urge You To Do Now”
1) Implement these best practices: Multi-factor authentication, endpoint detection & response, encryption, a skilled, empowered security team to patch rapidly.
2) Backup your data, system images, and configurations, regularly test them, and keep the backups off-line.
3) Update and patch systems promptly.
4) Test your incident response plan.
5) Segment your networks.
The memo ends: “We urge you to take these critical steps to protect your organizations and the American public. The U.S. Government is working with countries around the world to hold ransom-ware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”