The Cybersecurity and Infrastructure Security Agency (CISA) recently released a bulletin warning organizations of current cyber threats and explaining how best to combat and protect against these intrusions. The recent attacks include website defacement and destructive malware, resulting in damage to critical infrastructure.
What Should You Do?
Here are steps you can easily implement to reduce the likelihood and impact of a potentially damaging compromise.
Protect Yourself from Potential Attacks
- Make sure multi-factor authentication is set up for all remote access to the organization’s network and for privileged or administrative access
- Ensure your software is up to date with the most recent patches
- Have your company receive an IT Health Check to analyze your overall IT operations; it will show you where you’re ahead and where the risks reside
Take Steps to Quickly Detect a Potential Intrusion
- Make sure cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior
- Confirm that entire networks are protected by antivirus/antimalware software and that signatures in these tools are updated
Be Prepared to Respond if an Intrusion Occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity
- Assure availability of key personnel; identify means to provide surge support for responding to an incident
- Conduct exercises to ensure that all participants understand their roles during an incident
Maximize Resilience to a Destructive Cyber Incident
- Test backup procedures to ensure critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
As we often say, failure to prepare is preparing to fail. By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. If you have any questions, or need assistance implementing any of the steps above, BMT can help.