CISA Issues “Shields Up” Advisory
WHAT HAPPENED?
The Cybersecurity & Infrastructure Security Agency (“CISA”) issued a “Shields Up” message to every U.S. organization in response to Russia’s unprovoked attack on Ukraine, which included cyber attacks on the Ukrainian government and critical infrastructure. According to CISA, there are currently no specific or credible cyber threats to the U.S. homeland, but it is important to remain mindful of the potential for Russia’s actions to impact organizations. CISA and its partners are monitoring the current threat environment 24/7 to discern if threats turn into risks to the U.S. homeland.
WHAT DOES THIS MEAN FOR ME?
CISA is ready and prepared to help organizations respond to cyber attacks. Society’s dependency on supply chains and today’s highly connected and complex technology environments make it difficult to completely prevent incidents that might disrupt business operations. CISA reminds organizations that if incidents are reported quickly, it can use this information to offer assistance and warnings that prevent other organizations from succumbing to a similar attack.
CISA has compiled a catalog of free services to assist organizations with identifying resources for urgent security improvements and recommends organizations take the below actions:
- Reduce the likelihood of a damaging cyber intrusion
  - Validate that all remote access to the organization’s network and all privileged or administrative access requires MFA.
  - Ensure software is up to date, prioritizing updates for known exploited vulnerabilities identified by CISA.
  - Confirm IT personnel have disabled all ports and protocols not essential for business purposes.
  - If cloud services are used, ensure IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  - Sign up for to help reduce exposure to threats.
- Take steps to quickly detect a potential intrusion
  - Ensure cybersecurity / IT personnel focus on identifying and assessing unexpected or unusual network behavior.
  - Confirm antivirus / antimalware software is used and the signatures are updated for the organization’s entire network.
  - If your firm is working with a Ukrainian organization, take extra care to monitor, inspect, and isolate traffic and closely review access controls for that traffic.
- Ensure the organization is prepared to respond if an intrusion occurs
  - Establish a crisis-response team with main points of contact for a suspected cybersecurity incident and roles / responsibilities within the organization.
  - Ensure availability of key personnel; identify means to provide surge support for responding to an incident.
  - Conduct regular tabletop exercises to ensure participants understand their roles during an incident.
- Maximize the organization’s resilience to destructive cyber incidents
  - Test backup procedures to make sure critical data can be quickly restored if the organization is impacted by ransomware or a destructive cyberattack, and ensure backups are isolated from network connections.
  - If control systems or operational technology is used, conduct a test of manual controls to ensure critical functions will remain operable if the organization’s network is unavailable or untrusted.
CISA also recommends that all senior leaders take the steps below, as corporate leaders have an important role in ensuring their organization adopts a heightened security posture.
- Empower Chief Information Security Officers (CISO)
  - CISOs should be included in the decision-making process for risk to the company, and ensure that the entire organization understands that security investments are a top priority in the immediate term.
- Lower Reporting Thresholds
  - During this heightened threat environment, organizations’ thresholds for reporting should be significantly lower than normal. Senior management should establish an expectation that any indications of malicious cyber activity, even if blocked by security controls, should be reported, as noted in the Shields-Up website, to CISA or the FBI.
- Participate in a Test of Response Plans
  - Cyber incident response plans should include senior business leadership and board members. Senior management should participate in a tabletop exercise to ensure familiarity with how the organization will manage a major cyber incident affecting the organization itself as well as companies within its supply chain.
- Focus on Continuity
  - Investments in your firm’s security and resilience are well worth it and should be prioritized for systems that support critical business functions. Senior management should ensure such systems have been identified and that continuity tests have been conducted to ensure critical business functions can remain available after a cyber intrusion.
- Plan for the Worst
  - The U.S. government does not have credible information regarding specific threats to the U.S. homeland, but organizations should plan for a worst-case scenario.
CONCLUSION
Fairview Cyber can help your firm with essential cyber and data security services like phishing prevention training, network penetration testing, vendor due diligence, tabletop testing, and more. These services will support the goals of the “Shields Up” message and assist your firm in establishing an adequate cybersecurity program. Contact us today for more information about our services.