Russia’s invasion of Ukraine has brought renewed warnings from the White House to US-based businesses. The warning: Russia is advancing malicious cyber activity against the United States and your business.
“We are seeing Russian state actors scanning, probing, looking for opportunities, looking for weaknesses in our systems on critical infrastructure, on businesses,” said Deputy Attorney General Lisa Monaco to Bill Whitaker in an interview on 60 Minutes. “Think of it as a burglar going around trying to jiggle the lock in your house door to see if it’s open, and we’re seeing that.”
Cybersecurity and Infrastructure Security Agency Director Jen Easterly said during the same interview, “We are dealing with a very dangerous, very sophisticated, very well-resourced cyber actor.” Easterly continued, “What does that mean? It means – assume there will be disruptive cyber activity and make sure you are prepared for it.”
Are you prepared?
The U.S. Government offers resources and tools on the Shields Up page of CISA (the Cybersecurity and Infrastructure Security Agency). See the summary below. Each point should give you pause. These questions and reminders should either stoke a sense of urgency about reaching cybersecurity readiness or reveal how hard you’ve worked with your IT management team to be prepared.
Reduce damage from a cyber intrusion
- Remote access to your network should require multi-factor authentication.
- Keep your software current.
- Non-essential network ports and protocols into your network should be closed.
- Ensure strong controls are set and maintained if you are using cloud services.
- Identify and assess unexpected or unusual network behavior. Enable logging to investigate issues or events.
- Protect your network with antivirus/anti-malware software. Ensure that signatures and certificates in these tools are updated.
- If working with Ukrainian organizations, take additional care to review access controls for that traffic.
Prepare to respond
- Designate a response team with points of contact for an incident.
- Ensure key people are available: discuss coverage ahead of time and post schedules and vacations.
- Rehearse scenarios to ensure everyone understands their roles.
Maximize resilience to an actual incident
- Review your backup procedures. Can your data be restored quickly?
- Ensure your backups are isolated from network connections.
Leadership is the key to readiness
You absolutely have to weigh security improvements against cost and risk. But with the heightened threats and immediate demands, help your business understand why additional security investments need to be a focus.
Lower reporting thresholds
Set an expectation that malicious cyber activity, even if blocked by security controls, should be reported to [email protected]. Lowering reporting thresholds helps identify an issue early and protects against further attacks.
All-inclusive fire drill rehearsal
Response plans should include your security and IT teams, and your leadership. Senior management should participate in a review to ensure awareness of how the business will manage a major cyber incident.
Focus on continuity
Concentrate on systems sustaining critical functions. Ensure that these have been identified and that continuity tests have been completed.
Plan for the worst
Plan for a worst-case scenario. Ensure that critical measures can be taken to protect your organization’s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary.