Due to the growing conflict in Russia and Ukraine, CISA (Cybersecurity & Infrastructure Security Agency) issued a recommendation for all organizations, regardless of their size, to adopt a heightened security posture for cybersecurity and the protection of critical assets. CISA is not identifying specific threats in the advisory; however, the likelihood of escalation of cyber threats in the US is enough to warrant the increased security posture.
Regardless of whether you engage in government contracting or focus on commercial B2B or B2C activities, your IT systems may be at risk and targeted. Taking appropriate actions to remediate or limit exposure is critical over the coming weeks. CISA is urging companies to take measures to reduce exposure and minimize damaging attacks from state-sponsored actors. These include:
Reducing the likelihood of a damaging cyber intrusion
CISA recommends validating all remote access to networks and adopting multi-factor authentication, ensuring your organization’s software is up to date (prioritizing known exploited vulnerabilities identified by CISA), and improving cyber hygiene.
Taking steps to quickly detect potential intrusions
Ensure that IT and SecOps teams are focused on identifying and assessing any unexpected or unusual network behavior, deploying security tools like anti-virus and anti-malware, and closely reviewing access controls for offshore teams or team members.
Preparing for incident response if an intrusion occurs
CISA recommends designating a crisis-response team with points of contact for suspected cybersecurity incidents or breaches, verifying the availability of key personnel for incident response, and conducting tabletop exercises to ensure everyone understands their roles and responsibilities in a potential incident.
Maximizing resiliency to destructive cyber attacks
Test your backup procedures and conduct manual control tests to ensure critical functions remain operable if your organization’s network is unavailable or breached and untrusted.
CISA also recommends several actions be taken by corporate leaders and CEOs for a heightened security posture. CISA recommends that all organizations:
Empower security leaders
Ensure the entire organization understands security investment as a top priority in the immediate term by empowering CISOs and security leaders and including them in the decision-making process for risk assessment and management in the company.
Lower reporting thresholds for potential cyber incidents
Management and leaders should establish an expectation that any indications of malicious activity, even if blocked, should be reported and addressed.
Participate in a test of response planning
Leadership should participate in hands-on tabletop exercises to ensure organizational familiarity with managing cyber incidents.
Focus on business continuity
Ensure systems critical to business operations are identified and continuity tests have been conducted to ensure those functions remain available following a breach.
Plan for the worst
Prepare plans for securing your organization’s most critical assets in case of a breach and properly plan for drastic measures should they be needed.
Act Now!
CISA’s recommendations outline a comprehensive list of actions you can take now. It may seem daunting, but you can divide and conquer by involving each person on your team.
Here are a few things you can do now to make progress quickly:
Patch critical vulnerabilities today: This is a great opportunity to scan for outstanding software patches and vulnerabilities on your endpoints. Use Automox to automate patching of critical vulnerabilities, including CISA recommended patches, to quickly reduce the attack surface for your organization.
Enable multi-factor authentication: Ensure security measures are being enforced for your tech stack – MFA is enabled for all users, anti-virus/anti-malware is installed on all endpoints, etc.
Practice your critical incident response process: Get together with your team and reinforce training and best practices so you’re prepared to identify and respond to suspicious activity on your system. This is the time to validate your processes and improve where needed.
Communicate: Now is the time to keep everyone informed and educated on how to stay secure. Communicate to executive leadership and across organizations so all employees can work together seamlessly towards a secure environment.
Be alert to unusual or unexpected behavior, such as in email and network activity. Even cyber intrusions that appear innocent may result in infiltration of networks, exfiltration of data, or destructive follow-on attacks. If your organization is targeted, act quickly to identify and remediate the threats.
Also, note that cyber attacks or incidents may trigger reporting or disclosure requirements to the government or other agencies. If you have an actual cyber incident, consult with your general counsel to assess and address these and other requirements.