Crisis in Ukraine Calls for Cybersecurity Assessments

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued guidance related to the potential for Russian destabilizing actions that may impact others outside of Ukraine.

CISA recommends all organizations – regardless of size – adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets…

Reduce the likelihood of a damaging cyber intrusion

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritize updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.

Take steps to quickly detect a potential intrusion

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Confirm that the organization’s entire network is protected by antivirus/anti-malware software and that signatures in these tools are updated.

Ensure that the organization is prepared to respond if an intrusion occurs

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal, and business continuity.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization’s resilience to a destructive cyber incident

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network becomes unavailable or untrusted.

Need some extra support to improve your organization’s cybersecurity and resilience? DataLink can help.

Contact us today.
(410) 729-0440 | Email