The business world is on high alert. President Biden, the FBI and Department of Homeland Security are warning the private sector about potential Russian-sourced cyber attacks. The consistent theme? "Lean into your cybersecurity strategy," said Conrad Bell, C Spire Chief Information Security Officer. "While there might be more threats than usual, malware, phishing attempts, zero-day attacks, etc., are not new. A smart strategy that deploys layers of security is the best approach to today's threats."
How robust is your strategy?
A business's cybersecurity strategy needs to address four main areas of concern, says the Cybersecurity and Infrastructure Security Agency (CISA). "In the absence of a specific threat, these should be your priorities," said Bell.
1\. Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to the organization's network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization's IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA's guidance.
- Sign up for CISA's free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
2\. Take steps to quickly detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization's entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
3\. Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
4\. Maximize the organization's resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyber attack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization's network is unavailable or untrusted.
By implementing the steps above, all organizations can make progress toward improving cybersecurity and resilience. In addition, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.
CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
