The latest cyber vulnerability involves international players. Historically, conflicts between countries involved primarily military action. In the 21st century, cyber threats are used along with air/ground forces, and these cyber risks extend to the US and all countries in the NATO Alliance.
Every organization in the US is at risk from cyber threats that can disrupt essential services. As we know, the Russians have used cyber as a key component for the past decade, including to disable or destroy critical infrastructure. With escalation a real possibility between Russia and Ukraine, cyber threats are a serious issue.
On a personal note, I’ve noticed that on this website of late, I’ve received 25-30 “hits” per week from Russian IPs trying to get in 🙁 Whether you are small or large, anyone who has an outward-facing website should be alert! Take proactive steps now to protect you and your organization.
The new Director of CISA (Cybersecurity & Infrastructure Security Agency) excels in providing information to help us. I am sharing the latest “Shields Up” information she has provided.
CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recommended actions include:
Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
- Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
Take steps to quickly detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
As the nation’s cyber defense agency, CISA is available to help organizations improve cybersecurity and resilience, including through cybersecurity experts assigned across the country. In the event of a cyber incident, CISA is able to offer assistance to victim organizations and use information from incident reports to protect other possible victims. All organizations should report incidents and anomalous activity to CISA and/or the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Business Step-in Planning
In light of what’s going on these days, check out a complimentary offering I’ve created. Business Step-in Planning provides an introduction, a survey and a report to download. Go here to access it and feel free to pass it along: https://bit.ly/222Cyber
Show some love to you and yours in advance of Valentine’s Day. Making life easier while you’re living and for others after you’re gone is my mission. Reach out anytime by email: Lynn@thelivingplanner.com and/or check out all my online offerings, resources, and information focused on People, Pets and Business! The access home page is: https://courses.thelivingplanner.com
To the journey ahead –Lynn
#CareForPeopleCareForBusiness