Cybersecurity and Infrastructure Security Agency (CISA) and FBI officials said the agencies are encouraging Americans to be aware of critical infrastructure security during the holiday season.
Efforts are being intensified to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure. There are actions executives, leaders, and workers can take to protect against cyberattacks proactively.
Methods of critical infrastructure protection include identifying IT security employees for weekends and holidays who would be available to surge during times in the event of an incident or ransomware attack; implementing multi-factor authentication for remote access and administrative accounts; mandating strong passwords and ensuring they are not reused across multiple accounts; and reminding employees not to click on suspicious links and conduct exercises to raise awareness.
CISA and the FBI maintain among the techniques cybercriminals use to gain access to networks are phishing scams that include utilizing unsolicited emails posing as charitable organizations; fraudulent sites spoofing reputable businesses; and unencrypted financial transactions.
The agencies recommend individuals, businesses, and organizations update incident response and communication plans, ensuring they address actions to take and contacts to interact with should a ransomware incident impact those entities.
Information and resources regarding protecting against and responding to ransomware can be found at StopRansomware.gov.