Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come.
The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's been widely adopted by commercial organizations too.
In February, CISA responded to the current situation by issuing an unusual "SHIELDS UP!" warning and advisory. According to CISA, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents."
The announcement from CISA consisted of a range of recommendations to help organizations and individuals reduce the likelihood of a successful attack and limit damage in case the worst happens. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to ransomware in particular.
Breaking down the SHIELDS UP guidelines
There's a lot of stuff there - over 20 instructions and recommendations in total. How much can you really do? Digging into it though, many of the CISAs guidelines are really just basic security practices that everyone should be doing anyway. In the list of recommendations, the first two are about limiting user privileges and applying security patches – particularly those included in CISA's list of known exploited vulnerabilities. Everyone should be doing that, right?
Next, CISA recommends a list of actions for any organization that does get attacked. Again, these tips are fairly straightforward – quickly identifying unexpected network activity, implementing antimalware and antivirus software, and keeping thorough logs. Sensible advice but nothing ground-breaking.
And here's the thing – these activities should already be in place in your organization. There should be no need to "mandate" good practice and the fact that this "official advice" is needed says a lot about the general state of security in companies and organizations around the world.
Implementing the guidelines in practice
Security posture becomes weak due to missing technical know-how, resources, and a lack of strategy. That this happens is understandable to a degree because even though technology is core to the functioning of organizations it remains true that delivering technology services is not the core purpose of most companies. Unless you're in the tech sector, of course.
One way to address the current gaps in your practices is to rely on an external partner to help implement items that are beyond your capabilities or available resources... In fact, some requirements are unattainable without a partner. For example, if you need to update end-of-life systems you'll find that updates are no longer provided by the vendor. You'll need a security partner to provide you with those patches.
And patching is probably the lowest-hanging fruit in the security pipeline – but often patching doesn't get done consistently, even though it is highly effective and easy to implement. Downtime and maintenance windows are a drawback for patching and so are resource limitations.
The right tools for the job
Getting a regular patching cadence going would be the easiest step to following the "SHIELDS UP!" guidance, even if patching is tricky. The right tools can help: for some software components live patching technology can make all the difference. Live, automated patching tools remove the need to schedule downtime or maintenance windows because patches are applied without disrupting live, running workloads.
Automated patching – as provided by KernelCare Enterprise, for example – also minimizes the time between patch availability and patch deployment to something that's almost instantaneous, reducing the risk window to an absolute minimum.
It's just one example of how the right cybersecurity toolset is critical to successfully responding to the current heightened threat landscape. CISA provided solid, actionable suggestions – but successfully defending your organization requires the right tools – and the right security partners.