Following a series of high-profile cybersecurity breaches, the Department of Justice is raising investigations for ransomware attacks to the same level of priority as terrorism. Though ransomware has been around for a while, experts are glad to see the government taking a larger role in this issue, especially since these types of attacks are becoming more sophisticated by the day and hitting more crucial infrastructure.
The FBI has confirmed that they are investigating over 100 various types of ransomware and goes as far as to compare the response of these attacks to that of the 9/11 attacks. Attacks on Colonial Pipeline and JBS had a short-term impact on many American’s access to food and gas supply, but it could have been much worse. This is further proof that a shared responsibility is necessary across government agencies, the private sector and the average citizen when it comes to cybersecurity.
With this announcement, experts hope that this will bring much more awareness and urgency for businesses and organizations when it comes to their cybersecurity posture. A statement by Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technology, warns that any company is a target and provides best practices for business leaders and corporate executives.
Recommendations to Minimize Risk of Ransomware Attack
• Segment your networks. What is network segmentation?
• Patch your systems promptly and regularly. See Software Patching Best Practices and The Importance of Third-Party Software Patching.
• Backup and regularly test your data (and keep offline). See Top Backup and Disaster Recovery Challenges and What are Air Gapped Backups?
• Create and test your incident response plan.
• Use 3rd party pen testers and consultants to test your security defenses
The recommendations laid out in the statement are basic security measures, however, there are still so many companies who fail to meet even this baseline when it comes to their IT infrastructure security, making them low-hanging fruit for ransomware attackers. Treating ransomware as a threat to core operations (by investing in security) versus just a threat to data loss, can make all the difference in how effectively a company is able to respond and recover if hit with an attack. See our blog on how you can Reduce the Risk of Ransomware & Other Cyber Attacks.
Read more about why Ransomware is a national security threat in the following articles…
DOJ Treating Ransomware As Terrorism Brings It ‘Out Of The Darkness’: MSPs
White House issues ransomware directive for businesses
Latest Ransomware Blogs
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.