The President of the United States has reiterated warnings that Russia could carry out cyber-attacks against American targets.
In a statement released Monday, President Joe Biden said he was privy to “evolving intelligence that the Russian Government is exploring options for potential cyber-attacks.”
Biden said that while the federal government would do what it could to “deter, disrupt, and if necessary, respond” to cyber-attacks against critical infrastructure, private sector and critical infrastructure owners and operators must take the initiative and bolster their cybersecurity.
The President said companies had a responsibility to strengthen the security of “the critical services and technologies on which Americans rely” by implementing the best practices developed by the federal government and its private partners over the last year.
Commenting on Monday, Eric Noonan, CEO of CyberSheath, said: “There is a tone and an urgency in today’s statement that I don’t think we’ve ever seen before from a sitting president.”
Noonan described the President’s words as a rallying call to the private sector to act now to reduce risk and prevent attacks.
“He’s telling us the government can’t do this for us,” said Noonan, “we need the private sector to step up to the plate and implement the recommendations that the government has been making for a decade now, spanning multiple administrations.”
Along with the statement, the White House distributed a fact sheet of recommended security measures, including the use of multi-factor authentication, patching and encryption.
“If we had to stack rank these (measures), we would recommend focusing first on patching all systems and implementing multi-factor authentication on all remotely accessible and externally facing systems,” said Terry McGraw, senior executive incident response consultant at Secureworks.
McGraw also advised companies to ensure their backup solution is viable and uses an alternative or out-of-band set of user credentials other than Active Directory and keep a hard copy of their critical infrastructure and systems in case they need to restore it after an attack.
Amit Yoran, CEO of Tenable and founding director of the US-CERT program in the Department of Homeland Security, said: “Organizations need to roll up their sleeves and secure their systems before it’s too late.”