[BreachExchange] White House warns CEOs of heightened cyber risks during the holidays

Thu Dec 16 09:34:11 EST 2021

https://finance.yahoo.com/news/white-house-warns-ce-os-of-heightened-cyber-risks-during-the-holidays-111042178.html

The White House sent a letter to CEOs Thursday warning them of the
increased risks of hacks during the holidays, highlighting the increased
fragility of our digital infrastructure when people are taking time off.

The letter from Anne Neuberger, the Deputy National Security Advisor for
Cyber, and Chris Inglis, the National Cyber Director, also highlighted the
fact that America's infrastructure has been particularly vulnerable to
malicious cyber activity in recent months.

"Historically, we have seen breaches around national holidays, because
criminals know that security operations centers are short-staffed, delaying
the discovery of intrusions," the letter stated. "Beyond the holidays,
though, we've experienced numerous recent events that highlight the
strategic risks we all face because of the fragility of the digital
infrastructure and the ever-present threat of those who would use it for
malicious purposes."

The ominous note comes at the end of a year that has seen events like a May
cyberattack on Colonial Pipeline, which temporarily cut off nearly 50% of
the fuel capacity for the East Coast and led to days of confusion at the
pumps.

Another attack against Meatpacker JBS from June disrupted the company’s
North American and Australian operations and threatened to interfere with
the food supply chain and further inflate food prices.

The U.S. government’s Cybersecurity and Infrastructure Assurance Agency
warns on its website that there is a trend towards “increased risk for wide
scale or high-consequence events that could cause harm or disrupt services
upon which our economy and the daily lives of millions of Americans depend.”

During a June appearance on Yahoo Finance, an oil expert noted of the
Colonial Pipeline attack that “going forward, clearly, this is a wake-up
call.” And in August, President Joe Biden gathered the heads of some of the
world’s biggest tech, energy, and financial services and told them: “You
have the power, the capacity, and the responsibility, I believe, to raise
the bar on cybersecurity."

The White House followed up that meeting by announcing that they would work
with industry partners to create a new framework to improve the security
and integrity of the technology supply chain.

Thursday’s letter outlined steps business leaders and CEOs can take to
reduce risk.

The letter will be sent widely to businesses that have worked with the
White House and the Cybersecurity and Infrastructure Security Agency over
the last year, according to an administration official.

The recommendations include a range of tips like implementing the latest
security patches, quickly investigating suspicious activity, mandating
multi-factor authentication, reviewing staffing plans to ensure ample
holiday coverage, and backing up crucial data.

The letter added another warning that some criminals begin launching
attacks before the holidays and then "lie in wait to strike" when everybody
is off celebrating. The cyber officials signed off on a more positive note:
”Please accept our best wishes for a happy holiday season and a safe and
secure New Year.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211216/844d865d/attachment.html>