Source: Cybersecurity and Infrastructure Security Agency
The Cybersecurity and Infrastructure Security Agency (CISA) advises all organizations, regardless of size, to adopt a heightened cybersecurity posture to protect their most critical assets. Recognizing the challenge many organizations face in identifying resources for urgent security improvements, CISA has compiled a list of free cybersecurity services and tools from government and industry partners to assist. The recommended actions include:
Reducing the Likelihood of a Damaging Cyber Intrusion
Enforce Multi-Factor Authentication (MFA): Ensure that all remote access to the organization’s network and privileged or administrative access requires MFA.
Update Software: Keep software up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
Disable Unnecessary Ports and Protocols: Confirm that IT personnel have disabled all ports and protocols that are not essential for business purposes.
Strengthen Cloud Security: If using cloud services, ensure that IT personnel have reviewed and implemented strong controls as outlined in CISA’s guidance.
Utilize Free Cyber Hygiene Services: Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
Detecting Potential Intrusions Quickly
Monitor Network Behavior: Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
Deploy Antivirus/Antimalware Software: Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
Special Monitoring for Ukrainian Traffic: If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Preparing to Respond to Intrusions
Establish a Crisis-Response Team: Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and define roles and responsibilities within the organization, including technology, communications, legal, and business continuity.
Ensure Key Personnel Availability: Assure the availability of key personnel and identify means to provide surge support for responding to an incident.
Conduct Tabletop Exercises: Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximizing Resilience to Destructive Cyber Incidents
Test Backup Procedures: Ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
Test Manual Controls: If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
By implementing these steps, organizations can make significant progress toward improving their cybersecurity and resilience. Additionally, CISA urges cybersecurity/IT personnel at every organization to review the document “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.” For more resources and alerts, organizations are encouraged to visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.