On December 16, the White House circulated a letter warning companies that during the holiday season, they might be more vulnerable to cyberattacks. On the same day, the J.P. Morgan International Council warned that companies and governments need to take more steps, in general, to protect against these kinds of incidents.
What This Means
All large companies devote a significant number of resources to keeping their systems and data safe, knowing that an attack can be catastrophic. Despite these efforts, there have been several major hacks in the past year, including one on the Colonial Pipeline that led to gas shortages in the Southeast. The letter from the White House was sent by the national security advisor for Cyber and Emerging Technology, Anne Neuberger, and National Cyber Director Chris Inglis. The J.P. Morgan International Council consists of government and business leaders, including Alex Gorsky, the CEO of Johnson and Johnson; Tony Blair, former prime minister of the UK; and Condoleezza Rice, former U.S. Secretary of State.
Why it’s Important
The warning is an important one because it is not just governments and big tech companies for whom secure internet access is vital. A small company may use GPS fleeting tracking software. As a business owner, you would adopt this so that you would know where your drivers are at all times, which is a critical element of fleet management. Yet this also can leave small companies vulnerable, and while an attack on their systems may be less likely, it is still important to have security measures.
Some of these measures are beyond the scope of any business owner to provide. The J.P. Morgan International Council, for example, said that governments need to pass stricter legislation related to cybersecurity. However, the White House letter pointed out that previous attacks have often coincided with major holidays, and companies should be more vigilant in the run-up to Christmas and the New Year. One of the reasons hackers choose this time is because companies are often short-staffed.
Next Steps
The letter recommended that companies take several steps when any kind of holiday is ahead. In fact, there is already new cybersecurity guidance coming to Maryland localities and other parts of the country as well. These steps include making sure data is backed up and stored somewhere securely offline and providing better training for employees regarding security. They also recommended a requirement for multi-factor authentication, taking care of any potential vulnerabilities in the existing system, and ensuring that there is enough staffing coverage during the holidays.
Organizations should not restrict their vigilance to only the holiday season. The letter warned that infiltration often begins earlier, with hackers waiting for the right moment to launch an attack. The J.P. Morgan International Council had a number of recommendations as well, these aimed at businesses and governments. Among other things, they suggested that countries should share more intelligence about cyber threats, that governments and businesses should work together more, and that government agency should have a more robust team of tech experts to address the problem. The council also stressed the importance of information sharing between businesses and governments. Because each has doubts about the transparency of the other, information sharing is currently hindered.