Last updated on August 9, 2023
The Cybersecurity & Infrastructure Security Agency (CISA) has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. Every organization in the United States is strongly urged to follow the steps outlined in this document to reduce the likelihood of a damaging cyberattack. The key goal is to maximize the company’s resilience and ensure preparedness for a potential security incident.
CISA Insights divides the security steps every organization ought to take into four groups:
- Incident Risk Mitigation – steps to take to reduce the likelihood of a damaging cyber intrusion
- Intrusion Detection – steps you should take to quickly detect a potential intrusion
- Incident Response – how to ensure that the organization is prepared to respond if an intrusion occurs
- Incident Resilience – what to do to maximize the organization’s resilience to a destructive cyber incident
Incident Risk Mitigation
First and foremost, CISA strongly urges leaders of all organizations across the United States to validate that:
- All privileged and administrative access inside the company’s network requires Multi-Factor Authentication (MFA)
- All remote access to the company’s network requires Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a crucial component of every cybersecurity attack mitigation plan. Deploying an MFA solution across your critical infrastructure prevents up to 99.9% of all attacks.
In addition to the deployment of Multi-Factor Authentication, organizations should ensure that all software is up to date. Special emphasis should be put on the Known Exploited Vulnerabilities Catalog. This CISA-curated list enumerates vulnerabilities in commercial software that are known to have been exploited, along with vulnerability descriptions and the actions you can take to patch them.
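One way to act on the catalog is to cross-reference your vulnerability scanner's findings against it and patch the matches first. The sketch below is an added example, not code from CISA or from this article; the field names follow the catalog's published JSON feed, while the hosts, CVE IDs and dates are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed; CVE IDs are placeholders.
KEV_SAMPLE = json.loads("""{
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "product": "ExampleVPN",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-07-01"},
    {"cveID": "CVE-0000-0002", "product": "ExampleMail",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-09-15"},
    {"cveID": "CVE-0000-0003", "product": "ExampleCMS",
     "requiredAction": "Remove product if no mitigation is available.",
     "dueDate": "2023-08-01"}
  ]
}""")

# Constructed scanner output: (host, CVE) pairs with inconsistent formatting.
FINDINGS = [
    ("vpn-gw-01", "cve-0000-0001 "),
    ("mail-01", "CVE-0000-0002"),
    ("build-07", "CVE-0000-9999"),  # not in the catalog
    ("vpn-gw-02", "CVE-0000-0001"),
]

def normalize(cve_id):
    """Scanners differ in case and padding; compare on a canonical form."""
    return cve_id.strip().upper()

def kev_matches(kev, findings, today):
    """Return findings that appear in the catalog, earliest due date first."""
    index = {normalize(v["cveID"]): v for v in kev["vulnerabilities"]}
    matches = []
    for host, cve in findings:
        entry = index.get(normalize(cve))
        if entry is None:
            continue  # still needs patching, but is not a catalog entry
        due = date.fromisoformat(entry["dueDate"])
        matches.append({"host": host, "cve": normalize(cve), "product": entry["product"],
                        "action": entry["requiredAction"], "due": due, "overdue": due < today})
    return sorted(matches, key=lambda m: (m["due"], m["host"]))

if __name__ == "__main__":
    for m in kev_matches(KEV_SAMPLE, FINDINGS, date(2023, 8, 9)):
        flag = "OVERDUE" if m["overdue"] else "due"
        print(f'{m["host"]}: {m["cve"]} ({m["product"]}) {flag} {m["due"]} - {m["action"]}')
```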
Moreover, each company should disable all protocols and ports that are not crucial for business purposes. Seldom-used ports and protocols are a common vector of cyberattacks.
Furthermore, organizations that use cloud services should study and implement strong security controls described in CISA’s Analysis Report (AR21-013A). CISA sees enforcing Multi-Factor Authentication (MFA) on every single user as one of the key ways of strengthening a company’s cloud security.
Last but not least, CISA invites companies to sign up for CISA’s cyber hygiene services. CISA cybersecurity assessment services are free and can help your company reduce the likelihood of a successful security incident.
Intrusion Detection
Every company needs ways to rapidly detect and handle malicious intrusions. CISA outlines the following tips on how to do that.
Your IT personnel should concentrate on identifying and assessing all uncommon network behavior. Enable company-wide logging to make the investigation of events and issues easier and faster.
Confirm that your entire network is protected by up-to-date antivirus and/or antimalware software. It is key to define an auto-update policy that will ensure the continued protection of all your employees and resources.
In light of the recent cybersecurity incidents in Ukraine, you must give greater attention to inspecting, monitoring, and isolating traffic from Ukrainian organizations. If your company works with Ukrainian organizations, closely review access controls for that traffic.
Incident Response
Incidents are frightening and it is best to avoid them, hence the need for a strong incident risk mitigation strategy. However, should an incident happen to your company, you need to be prepared to respond rapidly and keep the financial and reputational costs as low as possible.
CISA Insights recommends that you designate a crisis-response team that will assess, document, and respond to a cybersecurity incident. Such a team will also help your company recover from the incident, including addressing the needs of your employees and providing education in the aftermath of the incident.
You need to ensure that in the event of an incident, all personnel are ready to act. Everybody needs to know what they have to do and how to do it well. You can conduct a mock incident test that will prepare your employees and help them better understand their role in the incident response plan.
Incident Resilience
CISA Insights lists two main steps of incident resilience.
The first incident resilience step is to test backup procedures. You need to be sure that critical data can be safely and quickly restored in the event of a ransomware attack. It is of utmost importance to ensure that backups are isolated from network connections so that a potential attack cannot damage your backups.
The second incident resilience step, for companies that use industrial control systems or operational technology, is to conduct tests of manual controls and ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
Reduce the Risk of a Successful Cyberattack in 2022
Implement the steps listed in CISA Insights as soon as possible to improve your security posture and minimize the likelihood of a successful cyberattack on your organization.