The Russian invasion of Ukraine has escalated past traditional warfare. The impact and implications of the attack will be felt far past the region’s borders. The U.S. Government has recently issued statements warning of potential cyberattacks by Russia against the United States. Organizations need to re-evaluate their security measures and should be on the defense to protect themselves from these expected coordinated cyber attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has outlined some steps for organizations to adopt a better security posture to protect their most critical assets, following previously issued warnings about the risks to U.S. critical infrastructure.
Here are the top 4 recommended actions to adopt:
Reduce the likelihood of a damaging cyberattack
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
- Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
Take steps to quickly detect a potential attack
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Ensure the organization is prepared to respond if an attack occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
It is imperative to practice and implement these recommendations to ensure your organization has the right tools and plan in place to reduce the risk of compromise and attacks. Implementing these into your organization’s security activities will improve your cybersecurity and resilience.
With the current situation in Ukraine, many organizations ask, “how should I operationalize our threat intelligence related to this situation so we can have a better perspective on threat actors and groups and other threat-related activities (like phishing attacks and scams) associated with the Ukraine / Russia war?”
With ThreatConnect, you can take it a step further. Not only are you able to tighten up your security measures, but The ThreatConnect Platform is optimized to provide organizations the ability to create a custom dashboard to pull real-time, topical threat intelligence into a single view. This example dashboard was created in minutes and provides a head-up-display type of real-time view on any threat intelligence associated with the war in Ukraine, and threat actors, campaigns, and indicators associated with Russia. This helps create a more heightened security posture for your organization, and you will also have the ability to monitor threat intelligence to defend against any future attacks you may not have known about otherwise.
To learn how your organization can defend itself against Russian threats and equip yourself with the right tools, please contact us and we’ll be happy to help!