
Explaining CISA’s Recommendations Against Potential Russian Cyber Aggression [Feb 2022]

February 25, 2022


While there is no specific threat as of now to the US homeland, CISA is being cautious when it comes to the potential of Russian cyber aggression against American organizations.

In response, the agency has listed a set of updated guidelines that organizations and their leaders should follow to stay protected against attacks.

CISA’s Cybersecurity Recommendations for Businesses and Corporate Leaders

Regardless of size or industry, CISA is recommending that all organizations adopt a heightened cybersecurity posture to protect critical assets from the rising threat of Russian cyber aggression.

Here are the recommended guidelines to follow:

Reduce the Risk of Damaging Cyber Intrusion

  • Validate that all remote, privileged, or administrative access to your organization’s network requires multi-factor authentication.
  • Ensure that all software is up to date (including anti-virus, firewalls, and other security applications). Prioritize updates that address vulnerabilities identified by CISA.
  • Have your IT team disable all ports and protocols that are not essential for business.
  • If using cloud services, have your IT team review and implement strong controls based on CISA guidelines.

Prepare to Quickly Detect Potential Intrusions

  • Organizations should focus their cybersecurity/IT teams on identifying and assessing unexpected network activity. Enable logging to help investigate any issues.
  • Ensure your entire network is protected by fully-updated antivirus and antimalware software.
  • If working with Ukrainian organizations, be sure to take extra care in monitoring, inspecting, and isolating traffic from those organizations.

Maximize Your Organization’s Cyberthreat Resilience

  • Properly test all backup procedures to make sure that your organization’s crucial data can be restored quickly. Isolate backups from network connections.
  • For organizations using industrial control systems or operational technology, conduct tests of manual controls to make sure critical functions can remain operational in the event of a network outage or potential intrusion.

CISA’s Recommendations for Corporate Leaders and CEOs

Corporate leaders and CEOs play an important role in pushing their organizations to adopt these protective guidelines. CISA is urging people in these positions to take these steps:

  • Empower your Chief Information Security Officers (CISO) by including them in decision-making processes during these times. In addition, ensure that the entire organization understands that security is a top priority.
  • Lower reporting thresholds within your organization so that any slight indication of malicious activity, even if blocked by established security controls, is immediately identified, investigated, and reported.
  • Test response plans with everyone involved, from your security and IT teams to senior-level business leaders and board members, to ensure they are familiar with your organization’s plan for major cyber incidents.
  • Focus security investments on systems that support critical business functions. Senior management should work to identify these systems and establish continuity tests to ensure these critical systems and functions remain available after an attack.
  • Have a plan for a worst-case scenario to protect your organization’s most critical assets, including disconnecting high-value parts of your network, if necessary.

In Conclusion

For more help meeting these new CISA recommendations, contact DOT Security to learn more about services that can reduce your threat exposure.