By Tim Boivin
Following Russia’s invasion of Ukraine, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up Alert warning of the “potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.”
CISA recommends that all organizations adopt a heightened cybersecurity posture to protect their most critical resources. Many organizations are already taking a Zero Trust approach to their IT security, which helps them address many of the recommendations that CISA has set out in this alert.
For instance, many enterprise organizations around the world that rely on Total Access Control (TAC), our Zero Trust solution, are already able to:
- Enforce multi-factor authentication for any and all remote, privileged and administrative access to their hybrid network, significantly strengthening protection of both their local and cloud resources.
- Protect their infrastructure against attacks that look to exploit vulnerabilities due to missed software updates or patches.
- Close open ports that bad actors such as Russia and other nation-states traditionally target in these types of attacks.
Any resource published exclusively through TAC, with authentication turned on, is protected from these threats. Resources protected by TAC are invisible to the bot scans hackers use to exploit vulnerabilities across these organizations’ hybrid infrastructure, local and cloud, as long as they are only published through TAC.
In the alert, CISA also urges all senior leaders to take the following steps to ensure their organizations adopt a heightened security posture:
- Empower Chief Information Security Officers (CISO): In this heightened threat environment, senior management should empower CISOs by including them in the decision-making process for risk to the company, and ensure the entire organization understands that security investments are a top priority in the immediate term.
- Lower Reporting Thresholds: Every organization should have documented thresholds for reporting potential cyber incidents to senior management and to the U.S. government. In this heightened threat environment, these thresholds should be significantly lower than normal. Senior management should establish an expectation that any indications of malicious cyber activity, even if blocked by security controls, should be reported, as noted on the Shields Up website, to CISA or the FBI. Lowering thresholds ensures that organizations are able to immediately identify an issue and help protect against further attack or victims.
- Participate in a Test of Response Plans: Cyber incident response plans should include not only an organization’s security and IT teams, but also senior business leadership and Board members. Senior management should participate in a tabletop exercise to ensure familiarity with how their organization will manage a major cyber incident affecting not only their company, but also companies within their supply chain.
- Focus on Continuity: Recognizing finite resources, investments in security and resilience should be focused on those systems supporting critical business functions. Senior management should ensure that such systems have been identified and that continuity tests have been conducted to ensure that critical business functions can remain available subsequent to a cyber intrusion.
- Plan for the Worst: While the U.S. government does not have credible information regarding specific threats to the U.S. homeland, CISA advises organizations to still plan for a worst-case scenario. Senior management should ensure that exigent measures can be taken to protect their organization’s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary.
PortSys stands ready to help any organization meet this immediate threat as well as their long-term IT security challenges. If you would like to speak with one of our experts about your unique challenges, please contact us at +1 781-996-4900, +44 208 196 2420, or info@portsys.com.