CISA Warns to Increase Cybersecurity Defenses Against Potential Critical Threats
CISA recently published a document urging all US organizations, not just critical infrastructure operators, to shore up their defenses in response to cyberattacks on Ukraine’s systems and websites, which the country’s officials blame on hackers linked to the Russian intelligence services.
Prior to the latest Russian cyberattacks on Ukraine, CISA published an advisory, primarily focused on US critical infrastructure, outlining recent Russian state-sponsored hacker techniques and attacks on enterprise systems such as Microsoft Exchange, VPNs, Oracle software, and VMware. It put a spotlight on the damaging attacks on industrial control systems (ICS) networks in the United States and Ukraine.
The new CISA document stresses that senior leaders at every organization in the US be on the alert for critical cyber threats and take urgent near-term measures to minimize the likelihood and impact of a potentially damaging cyberattack. CISA also urged US organizations that are in business with Ukrainian organizations to take additional care to monitor, inspect, and isolate traffic from those organizations – and review access control for that traffic.
CISA also recommends that organizations establish a crisis-response team, develop response strategies, nominate key personnel, and practice incident response. To build resilience against destructive malware, CISA urges that organizations test their backup procedures and ensure that the backups are isolated from network connections. Additionally, they should ensure that critical data can be restored rapidly.
Ways Organizations Can Stay Safe From Potential Cybersecurity Threats
Any online conflict can have damaging security repercussions. As such, it’s critical to ensure that your security is at full strength. Here’s how:
1. Apply Patches and Security Updates
The best way to close vulnerabilities in your networks is to apply patches and security updates to operating systems and software. Most cyberattacks actively seek to exploit unpatched software as a backdoor into network systems. All devices and software known to be vulnerable should be patched immediately. Also, organizations should disable all non-essential protocols and ports, implement controls for using the cloud, and regularly conduct vulnerability scanning.
2. Use Multi-Factor Authentication
Multi-factor authentication refers to a verification security process that mandates that you provide more than two identity proofs before you can access a given account. For instance, a system may require a password and a code sent to your mobile device before access can be granted. It adds an extra layer of security, thereby making it difficult for hackers to access your device or online accounts.
Multi-factor authentication is central to CISA’s recommendations. Organizations should use it at all times for systems and networks that require admin or privileged access.
3. Use Antivirus Software and Ensure That It Works
Firewalls and antivirus software can help organizations detect malware, suspicious links, and other threat vectors used in cyberattacks. Just like with other software, it’s vital to confirm that your antivirus software is up to date and that it is active and working properly.
4. Back Up Your Data
Backing up your organization’s data will ensure that you can easily recover it in case of a cyber incident. It’s important that you conduct the data backups regularly. Ideally, you should use multiple backup techniques to enhance the safety of your files. You could store the data on-site, in the cloud, and on an external device. Also, you should regularly check and test that you can restore your data from the backup.
5. Understand Your Network
You won’t be able to protect your network if you don’t know what’s on it. As such, information security personnel should actively be able to identify all users and devices on their network. They should also be able to detect any potentially suspicious activity.
If there’s an anomaly in a user account or in the functioning of a device, this could be an indication that it has been compromised by a threat actor attempting to plant malware. When you can easily identify anomalies in your network system, you’ll be better placed to protect your organization from a data breach.
6. Have an Incident Response Plan in Place
Even if an organization follows all the cybersecurity best practices, it should still draw up a plan for how to deal with a cyberattack incident. For instance, how will it communicate a response when the network is down? Planning ahead and conducting training exercises can minimize the impact of a successful cyberattack.
Organizations should be aware of the risks cyber threats pose to their operations and ensure that they establish robust cyber resilience strategies and the ability to detect, respond to, and remediate the threats. They should also have measures for dealing with disruptive counterattacks.
7. Use Strong Passwords
One of the most common methods cyber attackers use to breach networks is to simply guess passwords and usernames – especially if the targeted organization uses cloud services such as Google Workspace or Microsoft 365. Users should be urged not to use easy-to-guess or common passwords. Instead, they should use a password manager. The default password on any device should be changed. A strong password includes:
- 10 or more characters
- At least one lower case letter
- At least one uppercase letter
- At least one number
- At least one special character
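The five requirements above can be enforced in code together with the warning about common and default passwords. The following is an added example, not part of the original article; the denylist entries are constructed, and the username check is an extra assumption about what counts as easy to guess.

```python
import re

MIN_LENGTH = 10  # "10 or more characters", from the list above

# Constructed denylist for illustration (stored lowercase). A real deployment
# would load a maintained list of common and vendor-default passwords.
COMMON_OR_DEFAULT = {"admin", "changeme", "password123!", "welcome2022!"}

# Each rule pairs the requirement's name with a check that returns True on success.
RULES = [
    ("at least 10 characters", lambda p: len(p) >= MIN_LENGTH),
    ("a lowercase letter", lambda p: re.search(r"[a-z]", p) is not None),
    ("an uppercase letter", lambda p: re.search(r"[A-Z]", p) is not None),
    ("a number", lambda p: re.search(r"[0-9]", p) is not None),
    ("a special character", lambda p: re.search(r"[^A-Za-z0-9\s]", p) is not None),
]

def policy_violations(password, username=""):
    """Return the unmet requirements; an empty list means the password passes."""
    unmet = [name for name, check in RULES if not check(password)]
    lowered = password.lower()
    # Composition rules alone accept guessable choices such as "Welcome2022!",
    # so the denylist is checked independently of them.
    if lowered in COMMON_OR_DEFAULT:
        unmet.append("not a common or default password")
    # Assumption added here: a password built around the username is easy to guess.
    if username and username.lower() in lowered:
        unmet.append("does not contain the username")
    return unmet

if __name__ == "__main__":
    samples = [("Welcome2022!", ""), ("admin", ""),
               ("Jsmith-2022-vpn", "jsmith"), ("Tr4il-mix&Kettle", "jsmith")]
    for candidate, user in samples:
        print(repr(candidate), "->", policy_violations(candidate, user) or "passes")
```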
8. Brief Everyone in the Organization About Cybersecurity Threats
It’s the responsibility of information security to be aware of cybersecurity attack vectors and deal with them. However, it’s unlikely that measures for combating cyberattacks are common knowledge for people outside the cybersecurity team. All the staff in an organization should be made aware of how to detect and report suspect cybersecurity events. For a business to be secure, it’s vital that everyone plays their part.
The ongoing situation in Ukraine means that organizations should be ready to defend their networks against cyberattacks from Russia. That said, the potential effect of aggressive cyber activity should not be overestimated. The concerns are valid and reasonable; Russia has a track record of aggressively using its considerable cyber capacity in Ukraine and abroad.
Alvarez Technology Group Can Help Protect Your Organization From Cybersecurity Threats
Protecting your organization is a top priority for technical and security experts at Alvarez Technology Group. We work with premium vendors in the IT security space to provide you with top-notch security and the education needed to stay safe. Contact us at (831) 753-7677 for more information on our services.