Shields Up!

No, we are not on Star Trek.

This is a warning system from CISA, DHS’s Cybersecurity and Infrastructure Security Agency.

CISA says, without referencing any classified intelligence, that Russia might decide to use cyberattacks against us instead of kinetic attacks, thinking that such an attack might not cross some imaginary line that would cause us to retaliate.

At best this is hope; at worst who knows what type of cyberattack might cross that imaginary line.

CISA RECOMMENDS THAT ALL ORGANIZATIONS – REGARDLESS OF SIZE – ADOPT A HEIGHTENED POSTURE WHEN IT COMES TO CYBERSECURITY AND PROTECTING THEIR MOST CRITICAL ASSETS.

Then CISA outlines some recommendations:

The first part is to take steps to make it harder for the bad guys to break in:

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats (only applies to critical infrastructure).
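One way to act on the patching item above is to match your scanner findings against CISA's Known Exploited Vulnerabilities (KEV) catalog and work the list from the top. The sketch below is an added example, not CISA's tooling: the field names `cveID` and `dueDate` follow the KEV JSON feed, while the CVE ids, hosts, and the findings format are constructed placeholders.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed.
# The CVE ids are placeholders, not real catalog entries.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "product": "VPN Gateway", "dateAdded": "2022-01-10", "dueDate": "2022-01-24"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
   "product": "Mail Server", "dateAdded": "2022-02-01", "dueDate": "2022-03-01"}
]}
"""

# Constructed scanner output: (host, CVE id, reachable from the internet?)
FINDINGS = [
    ("fileserver01", "CVE-0000-0003", False),
    ("mail01", "CVE-0000-0002", True),
    ("vpn01", "CVE-0000-0001", True),
    ("hr-laptop7", "CVE-0000-0001", False),
]

def prioritize(findings, kev_json, today):
    """Sort findings: KEV-listed first, then past due, then internet-facing."""
    kev = {v["cveID"]: date.fromisoformat(v["dueDate"])
           for v in json.loads(kev_json)["vulnerabilities"]}
    rows = []
    for host, cve, exposed in findings:
        due = kev.get(cve)  # None when the CVE is not in the catalog
        rows.append({"host": host, "cve": cve, "exposed": exposed, "due": due,
                     "in_kev": due is not None,
                     "overdue": due is not None and due < today})
    # False sorts before True, so negate the flags that should rise to the top.
    rows.sort(key=lambda r: (not r["in_kev"], not r["overdue"],
                             not r["exposed"], r["due"] or date.max, r["host"]))
    return rows

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_JSON, date(2022, 2, 15)):
        tag = "KEV" if r["in_kev"] else "---"
        late = "OVERDUE" if r["overdue"] else ""
        due = str(r["due"] or "-")
        print(f'{tag} {r["host"]:<14}{r["cve"]:<15}{due:<12}{late}')
```

Findings that are not in the catalog still need patching; they just sort below the ones known to be exploited.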

The next step is to detect an attack quickly:

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
  • Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Then be prepared to respond quickly:

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

And, finally, make your systems as resilient as possible:

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

This will not make you bulletproof. This is kind of like locking the doors and windows – basic cyber hygiene. But as you look at this list, you will probably see items that are not complete or could be done better. That is where you start. When you are done with this, you can move on to more advanced measures.

As always, if you need help, please contact us. Credit: DHS CISA