Take 'Urgent' Steps to Secure Systems From Damaging Attacks, CISA SaysTake 'Urgent' Steps to Secure Systems From Damaging Attacks, CISA Says
CISA issues alert for senior leadership of US organizations amid rising tensions between Russia and Ukraine.
January 18, 2022
The US Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) today published a bulletin for senior leaders of US organizations to "immediately implement" a list of specific security steps.
The CISA Insights bulletin comes on the heels of a joint advisory it issued along with the FBI and NSA on Jan. 11 on how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups. Today's guidance comes amid rising diplomatic tensions between the US and Russia, and Russia's saber-rattling toward Ukraine.
CISA said US organizations of all sizes should "take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise." Specifically, they should deploy multifactor authentication for all privileged or administrative accounts; update software and prioritize patches that fix exploited flaws CISA has identified; disable all unneeded ports and protocols; employ strong cloud controls per CISA's guidance; and other security best practices.
And in a nod to the stark geopolitical threat at hand, CISA said: "If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic."
Microsoft recently detailed a destructive malware operation against multiple organizations in Ukraine aimed at leaving targeted systems inoperable.
Read more here.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingDec 12, 2023
SecOps & DevSecOps in the CloudDec 14, 2023
What's In Your Cloud?Jan 17, 2024
Everything You Need to Know About DNS AttacksJan 18, 2024
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Identity Access Management 101