Are you concerned about the security of your organization’s essential services? If not, you should be. Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy. In this blog post, we will discuss some of the most common cyber threats to essential services and what organizations need to do to protect themselves.
Most recently, public and private organizations in Ukraine have suffered a bevy of malicious cyber incidents, including the NotPetya ransomware attack, power outages, and disruptions to transportation systems. While Ukraine has been a particularly vulnerable target, all organizations should be aware of these and other cyber threats that could impact their essential services.
The following insights are intended to ensure that senior leaders at every organization in the United States are aware of critical cyber threats to essential services and understand what they can do to protect their organizations.
Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to your organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
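
One way to act on the software-update item above, as an added example that is not from CISA or the original post: match vulnerability-scan findings against CISA's Known Exploited Vulnerabilities (KEV) catalog and patch KEV-listed items first, ordered by due date. The catalog excerpt, host names, and CVE identifiers are constructed placeholders; the field names `cveID`, `dueDate`, and `knownRansomwareCampaignUse` follow the published KEV JSON feed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (placeholder CVE IDs).
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "product": "Example VPN", "dueDate": "2022-03-10",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "product": "Example Mail", "dueDate": "2022-02-20",
   "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-0003", "product": "Example CMS", "dueDate": "2022-03-10",
   "knownRansomwareCampaignUse": "Unknown"}
]}
"""

# Constructed scanner output: (host, CVE reported on that host).
FINDINGS = [
    ("vpn01", "CVE-0000-0001"),
    ("mail01", "cve-0000-0002"),   # scanners differ in letter case
    ("web01", "CVE-0000-0003"),
    ("web01", "CVE-0000-0099"),    # not listed in KEV
    ("vpn02", "CVE-0000-0001"),
]

def prioritize(findings, kev_json, today):
    """Return (kev_queue, other): KEV findings in patch order, and the rest."""
    kev = {v["cveID"].upper(): v for v in json.loads(kev_json)["vulnerabilities"]}
    queue, other = [], []
    for host, cve in findings:
        cve = cve.strip().upper()
        entry = kev.get(cve)
        if entry is None:
            other.append((host, cve))
            continue
        due = date.fromisoformat(entry["dueDate"])
        queue.append({"host": host, "cve": cve, "due": due,
                      "overdue": due < today,
                      "ransomware": entry.get("knownRansomwareCampaignUse") == "Known"})
    # Earliest due date first; on a tie, ransomware-linked entries come first.
    queue.sort(key=lambda f: (f["due"], not f["ransomware"], f["host"]))
    return queue, other

if __name__ == "__main__":
    queue, other = prioritize(FINDINGS, KEV_JSON, date(2022, 3, 1))
    for f in queue:
        flag = "OVERDUE" if f["overdue"] else "due"
        print(f'{f["host"]:8} {f["cve"]} {flag} {f["due"]} ransomware={f["ransomware"]}')
    print("Not in KEV (normal patch cycle):", other)
```

Findings that are not in KEV still need patching; they fall back to the organization's normal risk-based patch cycle.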
Take steps to quickly detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal, and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
By implementing the steps above, organizations can reduce the likelihood of a damaging cyber intrusion and, if an incident occurs, be better prepared to respond quickly and effectively.
Your organization could benefit from a cybersecurity review. Reach out to us via our contact page and we can help to identify exposed systems and deliver solutions that will assist you and your organization in being better prepared.