Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.
Notably, the Russian government has used cyber operations as a key component of its force projection over the last decade, including previously in Ukraine in the 2015 timeframe. The Russian government understands that disabling or destroying infrastructure can increase pressure on a country and accelerate its acceding to Russian objectives.
While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.
With this very real threat and escalating situation, CBM Technology is on high alert and doing everything we can to spread awareness and assess potential threats to keep you informed.
Many businesses and governments may find it challenging to identify resources for urgent security improvements, and CBM Technology has established a list of pointers and services to assist with this critical need. If at any point you feel unprepared or need assistance, get in touch with us so we can help you be better prepared.
Shields Up Guidance for all Louisiana Organizations
CBM Technology and CISA (Federal Cybersecurity & Infrastructure Security Agency) recommend that all organizations, regardless of size, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recommended actions include the following. (Please note that CBM Technology covers all the technical security requirements in its SecurityCare+ package. CBM Technology is also SOC 2 Type 2 compliant, which is required for several industry compliance needs.)
Reduce the likelihood of a damaging cyber intrusion
- Confirm that firewall firmware is up to date.
- Verify that all ports and protocols that are not essential for business purposes are disabled.
- Enable or tighten the web content filter to prevent end users from accessing malicious sites.
- Confirm that the entire network is protected by Endpoint Detection & Response software and that these tools are updated.
- Ensure operating systems and third-party applications are up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA and the MITRE ATT&CK Framework.
- Verify that IoT devices such as security cameras, printers and other devices have limited exposure to the Internet.
- If using cloud services, ensure that you have reviewed and implemented strong controls such as Multi-Factor Authentication.
- Perform vulnerability scans to help reduce exposure to threats.
- Educate end users on cybersecurity awareness.
Take steps to quickly detect a potential intrusion
- Stay focused on identifying and quickly assessing any unexpected or unusual network behavior.
- Take extra care to monitor, inspect, and isolate traffic from outside of the United States; closely review access controls for that traffic.
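The two detection items above (unexpected network behavior, and traffic from outside the United States that needs closer review) can be turned into a repeatable log check. The script below is an added example, not code from CBM Technology or CISA: it parses firewall accept/drop records in a constructed log format, flags accepted inbound sessions to ports that are not on the business allowlist, and flags sessions whose source falls outside the expected geography. The prefix-to-country table, the allowlist and the sample log lines are all constructed for the example; in practice the lookup would come from the organization's own geolocation feed and the allowlist from the port review in the previous section.

```python
"""Review firewall logs for two conditions the Shields Up guidance asks
organizations to watch for: accepted sessions to non-approved ports, and
accepted sessions sourced from outside the expected geography.

Log format, geo table and sample lines are constructed for this example.
"""
import ipaddress
import re

# Constructed prefix-to-country table using documentation address ranges.
# "XX" stands in for any country outside the expected set.
CONSTRUCTED_GEO = [
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/24"), "XX"),
]

# Assumed allowlist: only HTTPS is approved for inbound access in this example.
ALLOWED_PORTS = {443}
EXPECTED_COUNTRIES = {"US"}

# Constructed log line layout: "<timestamp> <ACCEPT|DROP> src=<ip> dst=<ip> dport=<n> proto=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)


def lookup_country(ip: str) -> str:
    """Return the country code for an address, or UNKNOWN if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, country in CONSTRUCTED_GEO:
        if addr in net:
            return country
    return "UNKNOWN"


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match the layout."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["dport"] = int(record["dport"])
    return record


def review_firewall_log(lines, allowed_ports=ALLOWED_PORTS, expected_countries=EXPECTED_COUNTRIES):
    """Return a list of findings; each has the raw line, source, port and a list of reasons.

    Unparseable lines are reported too, because a log pipeline silently dropping
    records is itself something the review should surface.
    """
    findings = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            findings.append({"line": line.strip(), "src": None, "dport": None,
                             "reasons": ["unparseable line"]})
            continue
        if record["action"] != "ACCEPT":
            continue  # dropped sessions never reached a host; only accepts affect exposure
        reasons = []
        if record["dport"] not in allowed_ports:
            reasons.append(f"port {record['dport']}/{record['proto']} not on allowlist")
        country = lookup_country(record["src"])
        if country not in expected_countries:
            reasons.append(f"source country {country} outside expected set")
        if reasons:
            findings.append({"line": line.strip(), "src": record["src"],
                             "dport": record["dport"], "reasons": reasons})
    return findings


# Constructed sample log: one clean HTTPS session, one foreign RDP session,
# one dropped SSH attempt, one domestic session to an unapproved port, one bad line.
SAMPLE_LOG = [
    "2022-03-01T08:00:01Z ACCEPT src=198.51.100.20 dst=192.0.2.10 dport=443 proto=tcp",
    "2022-03-01T08:00:05Z ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp",
    "2022-03-01T08:00:09Z DROP src=203.0.113.9 dst=192.0.2.10 dport=22 proto=tcp",
    "2022-03-01T08:00:12Z ACCEPT src=192.0.2.55 dst=192.0.2.10 dport=8080 proto=tcp",
    "garbage line",
]

if __name__ == "__main__":
    for finding in review_firewall_log(SAMPLE_LOG):
        print(f"{finding['line']}\n    -> {'; '.join(finding['reasons'])}")
```

Run against the constructed sample, the review reports three items: the foreign RDP session (unapproved port and unexpected source country), the domestic session to port 8080 (unapproved port only), and the unparseable line. Dropped sessions are deliberately skipped so the report stays focused on traffic that actually reached a host; if the organization also wants to see scanning pressure, the DROP branch is the place to count it.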
Maximize the organization’s resilience to a destructive cyber incident
- Review backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyber-attack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience.
Recommendations for Organization Leaders and CEOs
Corporate leaders have an important role to play in ensuring that their organization adopts a heightened security posture.
The team at CBM Technology can provide risk assessments, auditing, and reporting information to senior leadership.
CBM Technology and CISA urge all senior leaders, including CEOs, to take the following steps:
- Re-Analyze Risks: In nearly every organization, security improvements are weighed against cost and operational risks to the business. In this heightened threat environment, senior management should consider cyber risks to the company and ensure that the entire organization understands that security investments are a top priority in the immediate term.
- Ask Questions: Senior management should ask questions about their organization's cybersecurity posture. Request reports on vulnerabilities, patching, endpoint protection and backup status. Senior management should establish an expectation that any indications of malicious cyber activity are reported to them. This will ensure you are able to immediately identify an issue and help protect against an attack.
- Understand Incident Response Plans: Cyber incident response plans should include senior business leadership. If you have not already done so, senior management should gain familiarity with how your organization will manage a major cyber incident.
- Plan for the Worst: While the U.S. government does not have credible information regarding specific threats to the U.S. homeland, organizations should plan for a worst-case scenario. Senior management should ensure that crucial measures can be taken to protect your organization’s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary.
Additional Resources:
- Russia Cyber Threat Overview and Advisories
- Sandworm Malware Cyclops Blink Replaces VPNFilter