Shields Up Campaign Reinforces Need for Strong Cybersecurity
World Events Cause Warning for Expected Increased in Cyber Threats
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued their Shields Up campaign for both small and large organizations in order to prioritize “analysis of vulnerabilities that have been used by Russian cyber threat actors.”[1] In light of recent and ongoing events in Ukraine (which CISA states do include cyberattacks on Ukrainian government and infrastructure), as well as the cost imposed by United States sanctions against Russia, businesses have been urged by CISA to prepare for the potential impact of cyberattacks.
Industries Facing the Greatest Cyber Threat
According to an alert [2] released by CISA in February, industries currently facing the greatest threat from cyber actors include the following:
- Weapons Development
- Engineering
- Software Development and Information Technology
- Data Analytics
- Logistics
- Critical Infrastructure
Be Prepared Against All Cyberattacks
Aside from these industries, all organizations should be prepared against numerous common forms of cyberattacks, including spear phishing, credential harvesting and brute force/password spraying techniques. These attacks are meant to target any known vulnerabilities and exploit accounts and networks that have weak security points, allowing attackers to steal information from emails, contracts and details regarding product development, timelines, foreign partnerships and finances. The reality is that many of today’s cyberattacks are not random, but they are rather automated and targeted against numerous organizations utilizing a six-step approach:
CISA’s Cyber Protection Recommendations
CISA has provided numerous practical recommendations for cyber protection, including those specifically for organizations to adopt what CISA terms as a “heightened posture” for cybersecurity. Among these recommendations within the Shields Up campaign are the following key highlights:
- Reduce the chances of a damaging cyber intrusion – This includes implementing multi-factor authentication, updated software and strong controls on any cloud services used by the organization.
- Quickly identify a potential intrusion – Cybersecurity and IT personnel should be focused on quickly identifying unusual network behavior. CISA recommends exercising extra monitoring and review if working with any Ukrainian organizations.
- Ensure the organization can respond to cyber intrusion – A crisis-response team should be prepared to respond, especially in the areas of technology, communications, legal and business continuity.
- Maximize resilience in the event of a cyberattack – The organization should make sure that procedures are in place to quickly restore any critical data in case of a cyberattack or ransomware event, as well as ensure that important functions can remain in operation in case the network is compromised or unavailable.
If you are unsure where your organization’s cybersecurity stands, start with a cybersecurity assessment to understand how you stack up against industry best practices and identify the most significant risks to your business. Windham Brannon’s team of cybersecurity professionals can help you understand and identify your cybersecurity risks, as well as develop a security road map to protect your business and customers from cyberattacks. For more information about conducting a cybersecurity assessment for your organization, complete the form below.
[1] Shields Up. CISA.gov.
[2] Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology. CISA.gov. Feb. 16, 2022.
