Warning others of a potential crisis and telling them what they can do is an important crisis management best practice. Whether they heed it and follow the advice is quite another matter.
“Shields up” warning
As concerns continue to grow over a Russian invasion of Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) issued a ‘shields up’ warning Friday night to American companies. It recommended that “all organizations, regardless of size, adopt an enhanced cybersecurity posture and the protection of their most critical assets.”
CISA said that “although there is currently no specific credible threat to the American homeland, we are aware of the possibility that the Russian government may consider escalating its destabilizing actions in a way that could have an impact on others outside Ukraine”.
BNC News reported that “there are no publicly known instances of Russian state-run hackers deliberately and successfully deploying destructive malware against the US power grid. But that fear has long driven cybersecurity warnings, and the United States has issued multiple reviews to learn how cybersecurity workers in the United States can counter the most common hacking tactics in Russia.”
Every organization is at risk
“Every organization in the United States is exposed to cyber threats that can disrupt essential services and potentially impact public safety. Over the past year, cyber incidents have affected many businesses, nonprofits, and other organizations large and small across many sectors of the economy.
“Notably, the Russian government has used cyber as a key element of its force projection over the past decade, including previously in Ukraine in 2015. The Russian government understands that disabling or destroying critical infrastructure, including electricity and communications, can increase pressure on a country’s government, military and people and hasten their adherence to Russian goals.”
CISA has recommended that all organizations take the following actions.
Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Make sure software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT staff has disabled all ports and protocols that are not essential for business purposes.
- If the organization uses cloud services, ensure that IT staff have reviewed and implemented stringent controls outlined in CISA guidelines.
- Register for CISA’s Free Cyber Hygiene Services, including vulnerability scanning, to help reduce exposure to threats.
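
One way to act on the patching item above, shown as an added example that is not part of the original article or of CISA's guidance: rank open scanner findings so that anything listed in CISA's Known Exploited Vulnerabilities (KEV) catalog is patched first, earliest due date first. The catalog excerpt, CVE IDs, hosts and scores below are constructed placeholders; only the `vulnerabilities`, `cveID` and `dueDate` field names follow the catalog's JSON feed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV catalog JSON (placeholder CVE IDs).
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2022-03-01"},
  {"cveID": "CVE-0000-0002", "dueDate": "2022-02-20"}
]}"""

# Constructed vulnerability-scanner export: one row per host/CVE pair.
FINDINGS = [
    {"host": "vpn-gw-01", "cve": "CVE-0000-0002", "cvss": 7.5},
    {"host": "web-01", "cve": "CVE-0000-0003", "cvss": 9.8},
    {"host": "mail-01", "cve": "CVE-0000-0001", "cvss": 8.1},
    {"host": "db-01", "cve": "CVE-0000-0004", "cvss": 5.3},
    {"host": "web-02", "cve": "cve-0000-0001", "cvss": 8.1},  # scanners vary in case
]

def load_kev(raw):
    """Map upper-cased CVE ID -> remediation due date from KEV-shaped JSON."""
    catalog = json.loads(raw)
    return {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
            for v in catalog.get("vulnerabilities", [])}

def prioritize(findings, kev, today):
    """KEV-listed findings first (earliest due date first), then the rest by CVSS."""
    ranked = []
    for f in findings:
        cve = f["cve"].strip().upper()  # normalise before the lookup
        due = kev.get(cve)
        ranked.append({**f, "cve": cve, "in_kev": due is not None, "due": due,
                       "overdue": due is not None and due < today})
    # A high CVSS score alone does not outrank a vulnerability known to be exploited.
    ranked.sort(key=lambda r: (not r["in_kev"], r["due"] or date.max,
                               -r["cvss"], r["host"]))
    return ranked

def patch_queue(today=date(2022, 2, 25)):
    """Ranked queue for the constructed data above, as of a fixed sample date."""
    return prioritize(FINDINGS, load_kev(KEV_JSON), today)

if __name__ == "__main__":
    for r in patch_queue():
        tag = "KEV overdue" if r["overdue"] else "KEV" if r["in_kev"] else "non-KEV"
        print(f'{r["host"]:10} {r["cve"]:14} cvss={r["cvss"]:<4} {tag}')
```
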
Take steps to quickly detect a potential intrusion
- Ensure cybersecurity/IT personnel are focused on quickly identifying and assessing any unexpected or unusual network behavior.
- Confirm that the organization’s entire network is protected with anti-virus/anti-malware software and that the signatures of these tools are up-to-date.
- If you work with Ukrainian organizations, be very careful to monitor, inspect and isolate traffic from these organizations; carefully consider the access controls for this traffic.
Make sure the organization is ready to react if an intrusion occurs
- Designate a crisis response team with key points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and operational continuity.
- Ensure the availability of key personnel; identify ways to provide surge support to respond to an incident.
- Conduct a table-top exercise to ensure that all participants understand their role during an incident.
Maximize the organization’s resilience in the face of a destructive cyber incident
- Test backup procedures to ensure that critical data can be quickly restored if the organization is hit by ransomware or a destructive cyberattack; make sure backups are isolated from network connections.
- If you use industrial control systems or operational technology, test manual controls to ensure that critical functions remain operational if the organization’s network is unavailable or unreliable.
CISA observed that “by implementing the steps above, all organizations can make near-term progress toward improved cybersecurity and resilience.
“Further, while recent cyber incidents have not been attributed to specific actors, CISA urges each organization’s cybersecurity/IT personnel to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure. CISA also recommends that organizations visit StopRansomware.gov, a centralized, government-wide webpage providing ransomware resources and alerts.”