With all eyes on Ukraine, CISOs and other security leaders are heeding the call of governments and intelligence agencies to “shield up.”
In recent weeks, nation-state threat actors have ramped up attacks from DDoS, destructive wiper malware and espionage to website defacement, influence operations and disinformation campaigns targeting Ukrainian infrastructure and civilians alike.
Nothing is certain in the uncharted cyber battle theater and, as NotPetya showed the world, such threats can quickly morph and escalate, creating waves far beyond their initial targets. In a February 25 SANS Institute webinar, SANS senior instructor and former DoD cyber expert Jake Williams noted that collateral damage from the devastating 2017 NotPetya attacks demonstrated the extent to which infrastructure around the world is connected through unfiltered B2B VPNs. As this interconnectedness remains largely the same today, any mass-spillover event will likely still be fueled by automated propagation, he cautioned.
As cyber defenders scrutinize their security strategies, infrastructures and regional suppliers for weaknesses, resilience is core to their mission.
The U.S. Cybersecurity and Infrastructure Agency (CISA) is emphasizing security leaders’ crucial role as defenders of national security, economic prosperity and public safety. In new guidance issued as part of its “Shields Up” awareness campaign, the agency urges corporate leaders to empower their CISOs with both resources and top-down support needed to bolster their organization’s cybersecurity posture during this time.
We strongly encourage organizations to review best practices outlined by CISA, SANS and other leading cyber authorities to help improve cyber readiness and resilience, with a strong emphasis on the following:
- Take steps to help ensure all available software updates have been made and current patches are fully installed.
- Maximize existing investments in continuous monitoring and detection capabilities to identify anomalous behavior quickly, relying on AI and automation to scale coverage.
- Closely examine your network of remote vendors to identify providers working in affected geographies. Enforce necessary precautions, such as network traffic monitoring and strong access controls.
- Inventory your B2B VPNs, block high-risk protocols on them and be prepared to disconnect them, should it become necessary, per SANS guidance.
- Revisit your contingency plans and test backup procedures.
- Minimize potential attack impact by enforcing key identity-centric security practices, such as requiring multi-factor authentication (MFA) and monitoring privileged sessions.
With constant vigilance and an assume-breach mindset, you can boost your cyber resilience and defend your organization with confidence.
We at CyberArk remain steadfast in our mission to help organizations secure their most valuable assets — no matter the current risk environment. This commitment extends to our own security practices and standards. To learn how we are continuously enhancing our cybersecurity posture, visit the CyberArk Trust Center.
Additional reading and resources:
- CISA “Shields Up” Guidance and Resource Library
- SANS Cyber Resource Center
- SANS Institute webinar, “Russian Cyber Attack Escalation in Ukraine – What You Need to Know”