AG HEALEY URGES BUSINESSES AND GOVERNMENT AGENCIES TO TAKE IMMEDIATE STEPS TO PROTECT OPERATIONS FROM RANSOMWARE ATTACKS
Following Hacking Incident at Steamship Authority, AG’s Office Stresses Importance of Precautions to Protect Data Security
BOSTON – In response to an alarming increase in the frequency and impact of ransomware attacks across the public and private sectors, Attorney General Maura Healey is urging members of the business community and government entities in Massachusetts, including law enforcement agencies, to immediately assess their existing data security practices and take appropriate steps to upgrade security measures to protect their operations and consumer information.
AG Healey’s advisory follows a memo from the Biden Administration discussing the urgent threat ransomware poses to American businesses and government entities, with suggestions to mitigate its impact.
“Leaders from the public and private sectors have an important and critical responsibility to public safety and welfare to protect against these threats,” AG Healey said. “We strongly encourage all Massachusetts businesses and government organizations to take the appropriate steps to strengthen data security and ensure its computer networks are secure as required by law. Our office will work with federal law enforcement partners to identify and hold the criminals responsible for these ransomware attacks accountable.”
Ransomware is a form of computer malware that encrypts files on a computer or network, rendering the systems that rely on them unusable. Malicious actors then demand a ransom in exchange for decryption. Ransomware actors also often exfiltrate data or authentication information before encrypting and threaten to sell or leak it if the ransom is not paid.
Ransomware attacks are constantly evolving and on the rise. Just last week at the Steamship Authority in Massachusetts, ransomware caused massive disruption to its ticketing and reservation systems. An attack on JBS SA, a Brazilian company known as the world’s largest meat processing company, led to production shutdowns and lost profits and wages. Last month, a criminal group employed ransomware to lock the systems of Colonial Pipeline, a pipeline operator for the East Coast, causing a multi-day operational shutdown and leading to a spike in gas prices, panic buying, and localized fuel shortages in the Southeast.
On June 2, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, issued a memo titled “What We Urge You To Do To Protect Against The Threat of Ransomware,” with the following recommendations:
- Implement the five best practices from the President’s Executive Order: President Biden’s Improving the Nation’s Cybersecurity Executive Order outlines five high-impact best practices to safeguard networks: multifactor authentication (because passwords alone are routinely compromised), endpoint detection & response (to hunt for malicious activity on a network and block it), encryption (so if data is stolen, it is unusable), and a skilled, empowered security team (to patch rapidly, and to share and incorporate threat information in your defenses). These practices will significantly reduce the risk of a successful cyber-attack.
- Back up your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because, if your network data is encrypted by ransomware, your organization can still restore its systems.
- Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware in a timely manner. Consider using a centralized patch management system, and use a risk-based assessment strategy to drive your patch management program.
- Test your incident response plan: There’s nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
- Check your security team’s work: Use a third-party tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
- Segment your networks: There’s been a recent shift in ransomware attacks – from stealing data to disrupting operations. It’s critically important that your corporate business functions and manufacturing/production operations are separated, that you carefully filter and limit internet access to operational networks, and that you identify links between these networks and develop workarounds or manual controls to ensure industrial control system (ICS) networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety-critical functions can be maintained during a cyber incident.
The Massachusetts Data Security Regulations, which the AG’s Office regularly enforces, also require entities to employ many of the above safeguards with respect to personal information about Massachusetts residents that an entity maintains, stores, transmits, or processes electronically.
All organizations, regardless of sector, size, or location, must recognize that no company is safe from being targeted by ransomware. Detailed guidance and resources from the U.S. Cybersecurity & Infrastructure Security Agency on how to guard your entity against ransomware attacks can be found here.
The National Institute of Standards and Technology also provides guidelines and practices for organizations to better manage and reduce cybersecurity risk. More information can be found here.