Threat actors thrive in times of chaos and confusion, and we are in such times today. The eruption of violence over the border into Ukraine by one of the world’s most aggressive perpetrators of state-sponsored cyberattacks, and threats of retaliatory cyberattacks on nations providing aid to Ukraine should put all organizations on high alert and give urgency to taking inventory of standing security plans and readiness.
The U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Shields-Up program “recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” providing resources and guidance to ensure organizations prepare for possible attacks. CISA’s recommendations include:
- Reduce the likelihood of a damaging cyber intrusion – Validate remote access and administrative privileges; ensure that software and vulnerability patches are up to date; disable all ports and protocols that are not essential for business purposes; affirm that strong cloud services controls are in place; and implement training in, and the use of, good cyber hygiene.
- Take steps to quickly detect a potential intrusion – Quickly identify, investigate, and act on unusual activity; update threat intelligence for systems that use it; be particularly careful with activities involving Ukrainian organizations.
- Ensure that the organization is prepared to respond if an intrusion occurs – Stand up a crisis-response team with necessary resources and information; make sure key personnel are available in the event of an incident; test your plan in advance.
- Maximize the organization’s resilience to a destructive cyber incident – Back up critical data and review backup procedures; isolate backups from connected systems; make certain manual controls are operational in the event of attacks on industrial control systems or operational technologies.
CISA’s advice is solid, best-practice guidance that should be standard operational procedure for all organizations even in the best of times. But for many organizations, especially those whose IT estates are characterized by sophisticated, highly complex, and heterogeneous systems, preparation must go deeper. This is especially true for organizations with functions that provide vital services to their communities, like hospitals and healthcare organizations, operators of critical infrastructure, and communities that have adopted smart-city technologies.
Pay Attention to Connected Devices
Such organizations should pay particular attention to the connected devices they rely on, ensuring those devices are properly categorized by their function, and that mission-critical devices are segmented, with policies in place so that such devices can be isolated from the rest of the network and protected while remaining in service.
Communications to and from every device, as well as each device’s behavior, must be monitored to ensure no suspicious activity is taking place. Because connected devices are designed to carry out narrowly defined operations, any change in behavior—measured against a known baseline—must be regarded as suspicious and trigger the applicable security policies. Devices that communicate externally are especially vulnerable.
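One way to implement the baseline comparison described above, as an added example that is not Ordr’s code: a device’s allowed (destination, port, protocol) set is learned from a quiet period of flow records, every later flow outside that set is flagged, and new external destinations are rated higher than new internal ones. The device, addresses, protocols and enterprise address range are all constructed for the example.

```python
# Added example (not Ordr code): flag a connected device's traffic that
# deviates from its learned communication baseline. All values constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str

ENTERPRISE_NETS = [ip_network("10.0.0.0/8")]  # constructed internal address space

# Constructed learning-period traffic for a hypothetical lab analyzer.
BASELINE_FLOWS = [
    Flow("10.20.5.17", "10.20.5.2", 53, "udp"),     # DNS to local resolver
    Flow("10.20.5.17", "10.20.9.40", 2575, "tcp"),  # HL7 to integration engine
    Flow("10.20.5.17", "10.20.9.41", 443, "tcp"),   # vendor management console
]

def learn_baseline(flows):
    """A narrowly scoped device's baseline is simply its (dst, port, proto) set."""
    return {(f.dst, f.dport, f.proto) for f in flows}

def is_internal(addr):
    return any(ip_address(addr) in net for net in ENTERPRISE_NETS)

def classify(flow, baseline):
    """None if the flow matches the baseline, else a severity label."""
    if (flow.dst, flow.dport, flow.proto) in baseline:
        return None
    # A new external destination outranks a new internal one: externally
    # communicating devices are the most exposed.
    return "medium" if is_internal(flow.dst) else "high"

def detect(flows, baseline):
    """Return (flow, severity) for each flow that deviates from the baseline."""
    return [(f, s) for f in flows if (s := classify(f, baseline))]

# Constructed observation window: two expected flows, then lateral SMB to an
# unrelated host and an outbound connection to a (documentation) public address.
OBSERVED = [
    Flow("10.20.5.17", "10.20.9.40", 2575, "tcp"),
    Flow("10.20.5.17", "10.20.5.2", 53, "udp"),
    Flow("10.20.5.17", "10.20.7.88", 445, "tcp"),
    Flow("10.20.5.17", "203.0.113.10", 443, "tcp"),
]
if __name__ == "__main__":
    for flow, sev in detect(OBSERVED, learn_baseline(BASELINE_FLOWS)):
        print(f"[{sev}] {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

In practice the baseline would be learned per device class from observed traffic and re-validated after any sanctioned change, so that a firmware update or new integration does not become a standing false positive.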
Patch management for devices should be brought up to date immediately; for medical devices that may carry restrictions prohibiting modifications, segmentation and appropriate policy application must be implemented instead. And, of course, all employees should be reminded of their individual responsibility to be aware of common threats like phishing schemes, to practice good cyber hygiene, and to be alert for any unusual activity they see on any connected systems they use. The “see something, say something” adage applies here.
If you are an Ordr customer, know that—as has been our commitment from the start—we stand ready to answer your questions and to provide support to your organization at this time of heightened concern. We are confident that our Ordr platform will be an invaluable resource for you as you scan your IT estate for threats and vulnerabilities.
Be ready. Be safe. And to the people of Ukraine, know that our thoughts and prayers are with you.
Greg joined Ordr as CEO in December 2018. Previously, he was VP Business Operations for the HPE Aruba Group, the 4,000 person networking and IoT business unit of Hewlett Packard Enterprise. In that role, Greg was responsible for leading the business integration of Aruba and HP Networking following HP’s $3 billion acquisition of Aruba Networks in 2015. Greg held multiple prior senior executive positions within Aruba, including SVP Business Operations, GM of network management software, GM of outdoor and mesh products and VP of Marketing. Greg joined Aruba in 2008 through its acquisition of AirWave Wireless, a network management software provider that Greg founded and led. Greg received his M.A. from Stanford University and his B.A. from Amherst College.