The White House told companies to reset passwords, maintain IT staffing and patch vulnerabilities in their network in a Thursday memo that says hackers love to “lie in wait” for a holiday before attacking networks.
“Unfortunately, malicious cyber actors are not taking a holiday — and they can ruin ours if we’re not prepared and protected. Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions,” wrote Anne Neuberger, the deputy national security adviser for cyber and emerging technology at the White House.
Her memo said companies need to stiffen their defenses early. In some cases, hackers infiltrate networks and then wait for the holiday to launch an attack.
Ms. Neuberger said many criminals use stolen credentials, so companies should force a reset of passwords and use multiple factors of authentication to trip up rogue actors.
The memo says companies should have information-technology staff on call 24/7 over the holiday and make sure employees know how to recognize phishing attempts. Companies also should back up information offline.
“Many attacks succeed simply because the organizational back-up strategy is incomplete or permits criminals access to the backed-up information,” the memo said.
Ms. Neuberger also said network patches should be up to date to protect against vulnerabilities and that “secure organizations assume they will be compromised, but work to minimize the effect of a compromise.”
Her warnings come after a series of high-profile ransomware attacks, notably against the Colonial Pipeline and JBS meat-processing company, which caused major headaches for the administration earlier this year.
President Biden told Russian President Vladimir Putin to rein in bad actors who operate within Russia’s borders. Mr. Putin hasn’t signaled he will be a willing partner, prompting the White House to ask corporations to shore up their defenses.