White House asks businesses to tighten defenses before the holidays

The Biden administration's top cyber officials on Thursday urged private sector executives to boost their cyber defenses against potential hackers ahead of the coming holidays.

“Unfortunately, malicious cyber actors are not taking a holiday — and they can ruin ours if we’re not prepared and protected,” deputy national security adviser Anne Neuberger and National Cyber Director Chris Inglis wrote in a letter released by the White House.

“Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions,” they added.

The White House has issued similar warnings earlier this year before other major holidays. The three largest ransomware attacks of 2021 — against the Colonial Pipeline, meat processor JBS and software company Kaseya — all took place during holiday weekends.

The latest caution comes as both public and private entities scramble to determine the scope of the recently uncovered security flaw in Log4j software.

On Wednesday, tech giant Microsoft announced that hacking groups from China, Iran, North Korea and Turkey are exploiting the vulnerability that could potentially impact tens of millions of devices worldwide.

In their letter, Neuberger and Inglis urged companies to, among other things, back up their data, update their systems and rehearse their cyber incident response plans now.

“Beyond the holidays, though, we’ve experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever- present threat of those who would use it for malicious purposes,” they wrote.