What the White House Ransomware Memo Got Wrong

Andrew Hay

On June 2nd, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, released a memo with the subject: “What We Urge You To Do To Protect Against The Threat of Ransomware.”

The most important aspect of the memo, and in our opinion one deserving of its own bullet, was the following sentence in the last paragraph of the first page:

“To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”

The memo proceeds to detail classifications of mitigating controls (read: tools) that the White House “urges” everyone to utilize. Are these tools helpful, useful, necessary? In most cases yes, but only when they support the objectives of the organization’s security strategy and its overall business strategy.

Recommending the deployment of tools as the first step to address potential security gaps is just bad advice.

Let’s use a pirate analogy for a moment, shall we?

You have a shovel (a.k.a. a tool) and a desire to find buried treasure. With shovel in hand, you start digging holes in your backyard. Will you find a treasure by digging random holes all over the place? Sure, maybe. Would the likelihood of finding the treasure increase significantly if you had a map (a.k.a. directions on how to get to the treasure)? Undeniably.

Without an effective security strategy that mirrors the overall business strategy, you’re simply spending money in the hopes that things work out for the best.

The memo isn’t all bad, however. After the initial “throw money at the problem and buy 5 widgets” suggestion, we actually see some useful advice in the form of:

The above suggestions mirror the ones we frequently find ourselves communicating during our penetration tests, configuration reviews, risk assessments, and red and purple team engagements.

If you really want to protect your organization from ransomware and ransomware-like threats, the first step is to have that difficult conversation with your executive team. If that’s something you feel you’re not ready to do on your own, please do not hesitate to reach out to Lares. We have decades of experience articulating complex technical topics for an executive or board-level audience.

If you’ve already taken the first step of having “the talk” with leadership and want to identify the potentially exploitable gaps in your security program or architecture, we can help with our penetration testing, configuration review, and red teaming services.

Even further down the road and feeling confident in your security capabilities? Now might be the ideal time to test and measure the effectiveness of your deployed controls, situational awareness, and response capabilities with Lares’ purple teaming services or facilitated tabletop exercises.

Regardless of where your organization is in its security program and maturity journey, Lares is here to help you succeed. Please do not hesitate to reach out to us via phone or email. We’d love to talk to you!
