In a new release dated January 18th, 2022, CISA advised businesses across sectors to ramp up their cybersecurity measures in response to the deteriorating cybersecurity environment. The advisory relates to the recent cyber attacks on various businesses in Ukraine.
Ukrainian firms have reported several pieces of harmful malware on their systems. CISA believes that such malware could potentially be used to disrupt other sectors and nations as well. Broadly, CISA has advised businesses to focus on reducing the likelihood of a cyber intrusion, detecting intrusions, ensuring that the organization is prepared to deal with an intrusion, and enhancing institutional resilience to respond effectively to a potentially destructive cyber episode.
Here are a few key points that we have distilled from CISA’s advisory:
- Businesses have to validate all existing remote access functions. Multi-factor authentication has to be deployed for all such instances.
- Apply patches at the earliest and avoid skipping patch schedules.
- Security teams should disable all non-essential ports immediately.
- Secure cloud services: implement strong controls for cloud services, as identified in separate CISA guidance.
- Ensure that cybersecurity personnel are empowered to detect, log and report any anomalous network activity.
- Protect the whole network from cyberattacks with anti-malware software, and ensure that the software is kept updated.
- Organizations working with Ukrainian entities need to deploy additional measures. They should isolate, monitor, and inspect traffic from such entities.
- Designate a crisis response team with a clear RACI structure to ensure tech, communications, legal, and business continuity.
- Enable adequate provisioning of surge support.
- Conduct tabletop exercises to test the understanding of roles and responsibilities of all personnel. Use our template to get started now: IEC 62443, NIST Table of Roles & Responsibilities Template.
- Test all available backup procedures to ensure that critical data can be accessed and restored rapidly.
- Businesses that are using industrial control systems (ICS) and operational technology (OT) should conduct a test of their manual controls to ensure the continuing operability of critical functions in case of network disruption or loss of trust in the integrity of the network.
In light of the above advisory, critical infrastructure operators and those who have IoT and OT installations must revisit their cybersecurity practices and posture on a priority basis.
Sectrio is offering a free 15-day trial of its threat intelligence feeds. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now.