Understanding Cybersecurity Maturity Model Certification (CMMC)
BIDEN ADMINISTRATION TACKLING CYBERSECURITY ON NATIONAL LEVEL
Recent ransomware attacks and hacks grab U.S. government attention
By Ken Michael
A recent slew of ransomware attacks on American companies has grabbed the attention of the Biden administration and launched cybersecurity into the national spotlight. Year over year, businesses around the world have seen an increase in cyberattacks, but the United States government is now taking them as seriously as it does terrorist attacks.
White House on Cybersecurity
United States Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger issued a letter from the White House on June 2, 2021, to corporate executives and business leaders regarding the threat of ransomware and how to protect against it.
“The number and size of ransomware incidents have increased significantly, and strengthening our nation’s resilience from cyberattacks – both private and public sector – is a top priority of the President’s,” stated Neuberger’s letter. “Under President Biden’s leadership, the Federal Government is stepping up to do its part, working with like-minded partners around the world to disrupt and deter ransomware actors.”
Neuberger wrote that the government is disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransomware payments and enabling rapid tracing and interdiction of virtual currency proceeds.
Ransomware Attacks on the Rise
The letter was issued following a series of recent ransomware hacks against U.S. companies, including the Colonial Pipeline hack just last month. The attack shut down, for five days, the pipeline that fed much of the Eastern United States with gasoline, leading to days of widespread shortages. Colonial Pipeline ended up paying the hackers responsible for the attack nearly $5 million in ransom.
According to U.S. Justice Department officials, the government was able to step in and recover a “majority” of the ransom paid ($2.3 million). The Federal Bureau of Investigation (FBI) worked with the Colonial Pipeline Company to track the cryptocurrency after the payment was made, according to a piece by Forbes.
In addition to the ransomware attack on the Colonial Pipeline Company in May, JBS Holdings, the world’s largest meat company by sales, just paid $11 million in bitcoin on May 30, 2021, in a ransomware attack. According to an article by Yahoo! Finance, JBS Holdings made payment to the ransomware group, REvil, to stop the attack that impacted the U.S. domestic beef supply.
Security Intelligence recently reported that in some cases, groups committing ransomware attacks in 2020 demanded more than $40 million for a single attack. A June 9, 2021, report by NPR showed the U.S. suffered more than 65,000 ransomware attacks last year, which equates to more than seven per hour and poses a national security risk.
Cyberattacks Are ‘Here to Stay’
With the increase in ransomware attacks and the impact they have had on the nation, the need for cybersecurity for both private and public entities has been thrust into headlines. United States Commerce Secretary Gina Raimondo said cyberattacks are here to stay and are expected to intensify, according to an online piece by Industry Week. She told ABC’s This Week that the U.S. should be taking a “more aggressive stance on cyberattacks” that may even require military action.
The Government’s Response
The fact is the government has become acutely aware that this is an issue that must be handled as quickly and effectively as possible to prevent further losses and reduce the impact on the public. In 2019, the U.S. government began working on developing its new Cybersecurity Maturity Model Certification (CMMC) to secure the nation’s supply chain. Government contractors and subcontractors will be required to become CMMC compliant in order to be awarded government contracts starting this year.
An article by The Washington Post reported that FBI Director Christopher A. Wray compared the government-wide response to the recent cyberattacks to the Sept. 11, 2001, terrorist attacks.
“The scale of this problem is one that I think the country has come to terms with,” Wray told The Washington Post.
Ransomware, which infiltrates computer networks and locks them down until a ransom is paid, has started to impact nearly every part of American life, from the economy to shopping for groceries, with attacks on industries from healthcare and education to public utilities and the defense industrial base (DIB).
The Justice Department is elevating ransomware investigations and the White House has started issuing new cybersecurity requirements for gas pipelines in an effort to prevent future attacks. President Biden has also promised to address the problem of ransomware groups operating in Russian territory with Russian President Vladimir Putin during their upcoming summit later this month.
The Private Sector’s Responsibility
The Neuberger letter went on to discuss the “critical responsibility to protect against these threats” by the private sector as well.
Neuberger wrote, “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”
Businesses Need Help
What this boils down to is that each company, regardless of size, from small mom-and-pops to major corporations, needs to examine its network security and shore it up. Not only does having the proper cybersecurity practices, policies, software, and backup in place protect individual businesses and their customers, but it's also imperative to protecting the American economy.
Third-party IT and cybersecurity providers such as Dox Electronics can assist businesses in auditing their network security and shoring up holes with the right hardware and software. Many business leaders have avoided essential upgrades and updates due to a fear of cost when it comes to cybersecurity, but the cost of an attack can be substantially more and lead to the ultimate destruction of a company.
For more information about improving cybersecurity affordably for your business, contact Dox now at (585) 473-7766 to schedule a free initial consultation.