
Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come.
The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency’s advice has proven so valuable that it’s been widely adopted by commercial organizations too.
In February, CISA responded to the current situation by issuing an unusual “SHIELDS UP!” warning and advisory. According to CISA, “Every organization—large and small—must be prepared to respond to disruptive cyber incidents.”
The announcement from CISA consists of a range of recommendations to help organizations and individuals reduce the likelihood of a successful attack and limit the damage in case the worst happens. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to ransomware in particular.
Breaking down the SHIELDS UP guidelines
There’s a lot of stuff there – over 20 instructions and recommendations in total. How much can you really do? Digging into it, though, many of CISA’s guidelines are really just basic security practices that everyone should be doing anyway. The first two recommendations are about limiting user privileges and applying security patches – particularly those for vulnerabilities on CISA’s Known Exploited Vulnerabilities (KEV) list. Everyone should be doing that, right?
Next, CISA recommends a list of actions for any organization that does get attacked. Again, these tips are fairly straightforward – quickly identifying unexpected network activity, implementing antimalware and antivirus software, and keeping thorough logs. Sensible advice but nothing ground-breaking.
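The "apply patches, especially for known exploited vulnerabilities" recommendation is easy to state and hard to track across a fleet. The script below is an added example, not code from the article or from CISA: it takes a catalog in the shape of CISA's KEV feed (the field names `cveID`, `vendorProject`, `product`, `dueDate` and `requiredAction` are assumed to match the real feed; the CVE ids in the sample are placeholders, not real vulnerabilities), joins it against a constructed list of hosts with still-open CVEs, and reports the KEV items first with overdue ones at the top. The asset inventory would normally be a scanner export; here it is embedded inline so the example runs offline.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV catalog JSON feed. Assumption: the
# real feed uses these field names. The CVE ids are placeholders, not real CVEs.
KEV_CATALOG_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "MailGateway",
     "dateAdded": "2022-03-01", "dueDate": "2022-03-15",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "VPN Appliance",
     "dateAdded": "2022-03-10", "dueDate": "2022-04-01",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "Database",
     "dateAdded": "2022-02-01", "dueDate": "2022-02-15",
     "requiredAction": "Apply updates per vendor instructions."}
  ]
}
"""

# Constructed asset inventory: hostname plus CVEs a scanner still reports as open.
INVENTORY = [
    {"host": "mail01", "open_cves": ["CVE-0000-0001"]},
    {"host": "vpn01", "open_cves": ["CVE-0000-0002", "CVE-0000-0999"]},
    {"host": "db01", "open_cves": []},
]


def load_kev(catalog_json):
    """Index the KEV catalog by CVE id so inventory lookups are O(1)."""
    data = json.loads(catalog_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return open findings that appear in the KEV catalog.

    Overdue items (past the KEV due date) come first, then the rest sorted by
    how soon their due date arrives. Open CVEs not in the catalog are dropped
    from this view: they still need patching, just not under the KEV deadline.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cveID": cve,
                "product": entry["product"],
                "dueDate": entry["dueDate"],
                "overdue": due < today,
                "days_to_due": (due - today).days,
                "requiredAction": entry["requiredAction"],
            })
    # False sorts before True, so "not overdue" puts overdue findings first.
    findings.sort(key=lambda f: (not f["overdue"], f["days_to_due"]))
    return findings


if __name__ == "__main__":
    catalog = load_kev(KEV_CATALOG_JSON)
    for f in prioritize(INVENTORY, catalog, "2022-03-20"):
        status = "OVERDUE" if f["overdue"] else f"due in {f['days_to_due']}d"
        print(f"{f['host']:8} {f['cveID']:14} {f['product']:14} {status}")
```

Run as-is it lists mail01 first (its KEV deadline has passed) and vpn01 second (12 days left); db01 has nothing open and CVE-0000-0999 is ignored because it is not in the catalog. Swapping the embedded JSON for the real feed and the inventory for a scanner export is the only change needed to use it for real.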
And here’s the thing – these activities should already be in place in your organization. There should be no need to “mandate” good practice, and the fact that this “official advice” is needed says a lot about the general state of security in companies and organizations around the world.
Implementing the guidelines in practice
Security posture becomes weak due to missing technical know-how, missing resources, and a lack of strategy. This is understandable to a degree: even though technology is core to the functioning of organizations, delivering technology services is not the core purpose of most companies. Unless you’re in the tech sector, of course.
One way to address the current gaps in your practices is to rely on an external partner to help implement items that are beyond your capabilities or available resources. In fact, some requirements are unattainable without a partner. For example, if you need to update end-of-life systems, you’ll find that updates are no longer provided by the vendor. You’ll need a security partner to provide you with those patches. Read more: https://bit.ly/3FvFTmB