A new publication, CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats, provides a checklist of actions to take to reduce the likelihood of a cyber intrusion; detect a potential intrusion; be prepared to respond to an intrusion; and maximize resilience to a cyber incident.
The guide suggests the following actions:
To reduce the likelihood of a cyber intrusion
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls
- Sign up for CISA's free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
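The "disable all non-essential ports and protocols" item is easiest to act on when the team has a repeatable audit rather than a one-off look at a host. The script below is an added example, not part of the CISA publication: it parses `ss -tuln`-style output (a constructed sample is embedded, not captured from a real system) and reports every listener bound to a non-loopback address that is not on a hypothetical allowlist of business-essential (protocol, port) pairs. Services bound only to loopback are deliberately excluded, since they are not reachable from the network.

```python
"""Audit listening sockets against an allowlist of business-essential ports.

Added example (not from the CISA guidance). Parses `ss -tuln` output and
reports network-exposed listeners that are not on the allowlist, so the
"disable non-essential ports and protocols" item can be checked repeatably.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
tcp    LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
tcp    LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
tcp    LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
tcp    LISTEN  0       50      0.0.0.0:3389         0.0.0.0:*
tcp    LISTEN  0       128     [::]:23              [::]:*
udp    UNCONN  0       0       0.0.0.0:123          0.0.0.0:*
udp    UNCONN  0       0       0.0.0.0:1900         0.0.0.0:*
"""

# Hypothetical allowlist: the (protocol, port) pairs this business actually needs.
ESSENTIAL = {("tcp", 22), ("tcp", 443), ("udp", 123)}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int

    @property
    def loopback_only(self) -> bool:
        # Bound to loopback only: not reachable from the network, so not a finding.
        return self.addr in ("127.0.0.1", "[::1]")


# Netid, State, Recv-Q, Send-Q, then "addr:port"; the greedy \S+ backtracks to the last ':'.
LINE_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_ss(output: str) -> list:
    """Turn `ss -tuln` text into Listener records; header and unknown lines are skipped."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append(Listener(m.group(1), m.group(2), int(m.group(3))))
    return listeners


def find_nonessential(listeners, allow=ESSENTIAL) -> list:
    """Listeners exposed on a non-loopback address whose (proto, port) is not allowlisted."""
    return sorted(
        (l for l in listeners if not l.loopback_only and (l.proto, l.port) not in allow),
        key=lambda l: (l.proto, l.port),
    )


if __name__ == "__main__":
    for l in find_nonessential(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"non-essential listener: {l.proto}/{l.port} on {l.addr}")
```

Run against real output with `ss -tuln | python3 audit_ports.py` after swapping the embedded sample for `sys.stdin.read()`; the allowlist is the part that has to be agreed with the business owners, which is exactly what the checklist item asks IT personnel to confirm.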
To detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior
- Enable logging in order to better investigate issues or events
- Confirm that the organization's entire network is protected by antivirus/antimalware software and that signatures in these tools are updated
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic
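"Identifying unexpected or unusual network behavior" only works once logging is enabled and there is a baseline to compare against. The following is an added example, not part of the CISA publication: it builds a per-user baseline of source networks and login hours from a historical window of constructed VPN log lines (RFC 5737 documentation addresses, not real hosts), then reviews a later window and reports logins from a network the user has never used, logins outside the user's usual hours, and remote-access logins that skipped multi-factor authentication (the first item of the "reduce the likelihood" list). The log format and the /24 grouping are assumptions for the example.

```python
"""Flag unusual remote-access events against a per-user baseline.

Added example (not part of the CISA guidance). Log line format, the /24
network grouping and the hour-of-day heuristic are assumptions for the
example; adapt them to the VPN or identity provider actually in use.
"""
import re
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn login user=(?P<user>\S+) src=(?P<src>\S+) mfa=(?P<mfa>yes|no)$"
)

# Constructed baseline window (documentation addresses, not real hosts).
BASELINE_LOG = """\
2022-02-14T08:02:11Z vpn login user=alice src=203.0.113.10 mfa=yes
2022-02-15T08:15:40Z vpn login user=alice src=203.0.113.12 mfa=yes
2022-02-16T17:48:03Z vpn login user=alice src=203.0.113.10 mfa=yes
2022-02-14T09:30:00Z vpn login user=bob src=198.51.100.7 mfa=yes
2022-02-16T14:05:22Z vpn login user=bob src=198.51.100.9 mfa=yes
"""

# Constructed review window: one normal login, one from a new network at an odd hour,
# one that skipped MFA, and one user with no baseline at all.
REVIEW_LOG = """\
2022-02-21T08:05:19Z vpn login user=alice src=203.0.113.11 mfa=yes
2022-02-21T03:14:07Z vpn login user=alice src=192.0.2.44 mfa=yes
2022-02-21T10:00:00Z vpn login user=bob src=198.51.100.7 mfa=no
2022-02-21T11:00:00Z vpn login user=carol src=198.51.100.20 mfa=yes
"""


def parse(log: str) -> list:
    """Parse log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # in production, count these: a parser gap is a detection gap
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "user": m["user"], "src": m["src"], "mfa": m["mfa"] == "yes"})
    return events


def network(ip: str) -> str:
    """Coarse /24 key so a user's DHCP-assigned neighbours count as the same network."""
    return ".".join(ip.split(".")[:3])


def build_baseline(events) -> dict:
    """Per user: the set of source networks seen and the (earliest, latest) login hour."""
    baseline = {}
    for e in events:
        b = baseline.setdefault(e["user"], {"nets": set(), "hours": []})
        b["nets"].add(network(e["src"]))
        b["hours"].append(e["ts"].hour)
    return {u: {"nets": b["nets"], "hours": (min(b["hours"]), max(b["hours"]))}
            for u, b in baseline.items()}


def review(events, baseline) -> list:
    """Return (user, src, reasons) for every event that deviates from the baseline."""
    findings = []
    for e in events:
        reasons = []
        b = baseline.get(e["user"])
        if b is None:
            reasons.append("no-baseline")
        else:
            if network(e["src"]) not in b["nets"]:
                reasons.append("new-network")
            lo, hi = b["hours"]
            if not lo <= e["ts"].hour <= hi:
                reasons.append("unusual-hour")
        if not e["mfa"]:
            reasons.append("no-mfa")
        if reasons:
            findings.append((e["user"], e["src"], reasons))
    return findings


if __name__ == "__main__":
    for user, src, reasons in review(parse(REVIEW_LOG), build_baseline(parse(BASELINE_LOG))):
        print(f"{user} from {src}: {', '.join(reasons)}")
```

The hour window and /24 grouping are crude on purpose: the point is that a baseline, however simple, turns a log file into something an analyst can triage quickly, and that "no MFA on remote access" should surface as a finding on every run, not only during an incident.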
To prepare to respond to an intrusion
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident
- Assure availability of key personnel
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident
To maximize resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack
- Ensure that backups are isolated from network connections
- Test manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted
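"Test backup procedures" means actually performing a restore and checking the result, not confirming that a backup job reported success. The script below is an added example, not part of the CISA publication: it writes a small set of constructed "critical" files, records a SHA-256 manifest, copies them to a backup location, restores into a fresh directory and compares every restored file against the manifest, reporting anything missing or corrupted. The file names and the optional corruption step are assumptions used to exercise the failure path.

```python
"""Exercise a backup restore and verify the restored data bit-for-bit.

Added example (not from the CISA guidance). The constructed files and the
simulated corruption are there to show that a restore drill must report
damage rather than assume the copy worked.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(src: Path, dest: Path) -> None:
    shutil.copytree(src, dest, dirs_exist_ok=True)


def restore(backup_dir: Path, target: Path) -> None:
    shutil.copytree(backup_dir, target, dirs_exist_ok=True)


def verify_restore(manifest: Dict[str, str], restored: Path) -> Dict[str, List[str]]:
    """Compare the restored tree against the manifest taken before the backup."""
    report = {"ok": [], "missing": [], "corrupted": []}
    for rel, expected in manifest.items():
        p = restored / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_of(p) != expected:
            report["corrupted"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def run_restore_test(corrupt_file: Optional[str] = None) -> Dict[str, List[str]]:
    """End-to-end drill on constructed data; corrupt_file simulates a damaged backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, bak, rst = tmp / "live", tmp / "backup", tmp / "restored"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 'widget');\n")
        (src / "config.yaml").write_text("service: payments\nreplicas: 3\n")
        manifest = build_manifest(src)  # taken from the live data, before backup
        backup(src, bak)
        if corrupt_file:
            (bak / corrupt_file).write_bytes(b"\x00" * 16)  # simulated media damage
        restore(bak, rst)
        return verify_restore(manifest, rst)


if __name__ == "__main__":
    print("clean drill:", run_restore_test())
    print("damaged backup:", run_restore_test(corrupt_file="config.yaml"))
```

Two design points carry over to a real drill: the manifest is taken from the live data before the backup runs, so the comparison is against what the business needs back rather than against whatever the backup tool wrote, and the restore goes to a separate target so the drill never touches the production copy. Keeping the manifest with the offline, network-isolated backup copy (the next checklist item) is what lets this comparison still be trusted after a destructive incident.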
The full guidance is available from CISA.