
Zero Trust Architecture
In a connected world, anything reachable over the network is potentially reachable by anyone, including your critical infrastructure. A Zero Trust architecture helps ensure that only authenticated, authorized users on trusted devices can access what they need, and nothing more. There are simple steps you can take today to verify users and devices; how far you take Zero Trust will be driven by your business and security needs. Below are some things you can do now with elements you already have in place:
- Allow only managed (mobile) devices to access corporate resources, so that corporate data is only accessed from, handled by, and stored on devices where security can be enforced: encryption, coupled where possible with app containerization on mobile devices (especially BYOD devices)
- Allow only legitimate, authenticated, authorized, and secured remote access to your infrastructure, using Virtual Private Network (VPN) technology coupled with Multi-Factor Authentication (MFA); if available, combine this with a behavior-based security solution (e.g., User and Entity Behavior Analytics, UEBA)
- Control all traffic to your organization’s services and resources:
  - For on-premises resources, review your firewall/proxy server configuration and allow only necessary, business-critical traffic
  - For cloud-based resources, use a Zero Trust Network Access (ZTNA) solution to control access, so that only managed, trusted, and healthy devices can connect; these resources are online by default and thus virtually reachable by anyone, anywhere
Reduce the Surface of Attack
The less there is to attack, the less damage cyber criminals can do to your infrastructure:
- Disable any exposed, non-business essential services
- Update all your systems (both OS and apps), prioritizing security patches for known CVEs, starting with vulnerabilities that are being actively exploited
- Using your Unified Endpoint Management (UEM) solution, ensure all managed endpoints are also running the latest OS version
  - For personal devices, instruct your employees to regularly update their device OS and apps
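As an added example that is not from the original post, here is a small audit script for the "disable exposed, non-business-essential services" step. It parses `ss -Hltnp` output (a constructed sample is embedded so it runs offline), treats anything not bound to a loopback address as exposed, and flags exposed listeners that are not on an approved (port, process) list. The approved list, the sample host and its processes are assumptions made for the illustration.

```python
"""Audit listening TCP sockets: anything reachable beyond loopback that is not
on the approved (port, process) list is a candidate for shutdown or firewalling.
Input is the output of `ss -Hltnp` (no header, listening, TCP, numeric, processes)."""
import re
import shutil
import subprocess
from dataclasses import dataclass

# Addresses that only local processes can reach.
LOOPBACK_PREFIXES = ("127.", "[::1]", "localhost")

# Constructed sample of `ss -Hltnp` output from a hypothetical server; not real data.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1201,fd=6))
LISTEN 0      70         127.0.0.1:3306      0.0.0.0:*    users:(("mysqld",pid=950,fd=21))
LISTEN 0      128                *:5900            *:*    users:(("Xvnc",pid=1510,fd=9))
LISTEN 0      128             [::]:111          [::]:*    users:(("rpcbind",pid=640,fd=4))
LISTEN 0      4096       127.0.0.1:9090      0.0.0.0:*    users:(("prometheus",pid=1300,fd=7))
"""

# Hypothetical business-approved exposure: (port, process name).
APPROVED = {
    (22, "sshd"),   # remote administration (still restrict by firewall/VPN)
    (80, "nginx"),  # public web front end
    (443, "nginx"),
}

PROCESS_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    @property
    def exposed(self) -> bool:
        """True unless bound to a loopback address only."""
        return not self.address.startswith(LOOPBACK_PREFIXES)


def parse_ss(output: str) -> list:
    """Turn ss lines into Listener records; tolerates a header row if -H was omitted."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # blank line or header row
        address, _, port = fields[3].rpartition(":")  # handles "[::]:111" and "*:5900"
        match = PROCESS_RE.search(line)
        process = match.group(1) if match else "?"  # "?" when ss was not run as root
        listeners.append(Listener(address, int(port), process))
    return listeners


def audit(listeners, approved=APPROVED) -> list:
    """Exposed listeners that nobody approved."""
    return [ln for ln in listeners if ln.exposed and (ln.port, ln.process) not in approved]


def collect_live() -> str:
    """Run ss on this host (needs root to see other users' process names)."""
    return subprocess.run(["ss", "-Hltnp"], check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    output = collect_live() if shutil.which("ss") else SAMPLE_SS_OUTPUT
    for finding in audit(parse_ss(output)):
        print(f"REVIEW: {finding.address}:{finding.port} ({finding.process}) is exposed and not approved")
```

On the sample, the VNC server on 5900 and rpcbind on 111 are reported; MySQL and Prometheus are not, because they only listen on 127.0.0.1. Run the same check for UDP (`ss -Hlunp`) and, on the servers themselves, pair it with the firewall review so that anything the business does need is reachable only from where it is needed.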
Ensure You Can Detect Intrusions
It is important to be able to detect intrusions early, so they can be stopped before they unfold into an attack that causes serious damage:
- Make sure ALL your endpoints, personal and corporate, are protected by an antivirus/antimalware solution, preferably a Mobile Threat Defense (MTD) solution on your mobile devices and an Endpoint Protection Platform (EPP) on your desktop computers and servers
- If using an Endpoint Detection and Response (EDR) solution, increase the logging level so that more potential attacks (or attempts) can be caught and acted upon, balanced against the additional alert volume your team has to triage
Ensure You Can Respond to Intrusions
- Confirm ownership of the cybersecurity response (who, what, how)
  - Make sure key people are defined and available, 24/7
- Provide clear guidance for employees in case their computer/mobile device is compromised
  - Who to contact, how, and what to do with the compromised device?
Ensure You Can Recover from an Attack
- Make sure you have backups of all critical corporate data, and verify that they can actually be restored
  - Isolate backups and HA/DR resources as much as possible, so that an attacker who compromises production cannot also reach, delete, or encrypt them
- Ensure High Availability (HA) is enabled where available on mission-critical on-premises resources
- Update your Disaster Recovery (DR) plan if needed
- Test your DR plan! Don’t wait for a real incident to find out it doesn’t work
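The "make sure your backups work" step only means something if you restore them. Below is an added example, not from the original post, of a restore drill: it writes a SHA-256 manifest alongside a tar.gz backup, extracts the archive into a scratch directory and checks every restored file against the manifest. The sample files and the simulated media corruption are constructed for the demonstration.

```python
"""Backup restore drill: back up a directory to tar.gz with a SHA-256 manifest,
then prove the backup restores by extracting it elsewhere and checking every
file against the manifest. A backup nobody has restored is a hope, not a backup."""
import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path, manifest_path: Path) -> dict:
    """Write source to a tar.gz and its manifest to a separate file.
    Keep the manifest (or a signed copy) off the backup medium, so a tampered
    archive cannot bring a matching tampered manifest along with it."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            tar.add(path, arcname=path.relative_to(source).as_posix(), recursive=False)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(archive: Path, manifest_path: Path, restore_dir: Path) -> dict:
    """Test-restore archive into restore_dir and compare with the manifest."""
    expected = json.loads(manifest_path.read_text())
    report = {"ok": False, "error": None, "verified": [], "mismatched": [],
              "missing": [], "unexpected": []}
    restore_dir.mkdir(parents=True, exist_ok=True)
    # Use the 'data' extraction filter where this Python has it: it rejects
    # absolute paths, '..' traversal and device nodes inside the archive.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    try:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(restore_dir, **extract_opts)
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        report["error"] = f"extraction failed: {exc!r}"
    actual = build_manifest(restore_dir)
    for rel, digest in expected.items():
        if rel not in actual:
            report["missing"].append(rel)
        elif actual[rel] != digest:
            report["mismatched"].append(rel)
        else:
            report["verified"].append(rel)
    report["unexpected"] = sorted(set(actual) - set(expected))
    report["ok"] = (report["error"] is None and not report["missing"]
                    and not report["mismatched"])
    return report


def run_drill(corrupt_archive: bool = False) -> dict:
    """End-to-end drill on constructed sample data (not real corporate data)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "data"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (source / "notes.txt").write_text("quarterly review\n")
        (source / "config.json").write_text('{"retention_days": 30}\n')
        archive, manifest = tmp / "backup.tar.gz", tmp / "backup.manifest.json"
        create_backup(source, archive, manifest)
        if corrupt_archive:
            # Simulate media corruption: flip eight bytes mid-way through the file.
            data = bytearray(archive.read_bytes())
            mid = len(data) // 2
            for i in range(mid, min(mid + 8, len(data))):
                data[i] ^= 0xFF
            archive.write_bytes(bytes(data))
        return verify_restore(archive, manifest, tmp / "restore")


if __name__ == "__main__":
    print(json.dumps(run_drill(), indent=2))
    print(json.dumps(run_drill(corrupt_archive=True), indent=2))
```

The intact drill reports every file as verified; the corrupted one fails either at extraction or on a hash mismatch, which is exactly the failure you want to discover on a schedule rather than during an incident. Run the drill against the isolated copy of the backup, not the one sitting next to production.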
Train Your Employees
Your employees are your first and last line of defense against any attack to your infrastructure.
- According to CISA, 90% of successful cyberattacks start with email phishing, where human beings are the weak link. Even the best antispam solution on the market cannot filter or flag 100% of email threats; a small but important fraction will still reach inboxes, and stopping those relies on your employees not clicking on links or opening files they were not expecting
- Make sure you have a proper password policy in place (length and complexity, expiration, secure storage). Note that current NIST guidance (SP 800-63B) favors long passphrases and screening against known-breached passwords over forced periodic expiration, which it reserves for cases where compromise is suspected
It’s always a good idea to periodically reassess your critical infrastructure and see where you can improve and strengthen your security. By employing a Zero Trust architecture, reducing the surface of attack, and ensuring your employees are trained and prepared to respond to and recover from an intrusion, you stand the best chance of keeping your infrastructure safe and sound.
For more comprehensive information about security posture, please review our two-part blog post about the “Security Maturity Model” (part 1 and part 2) as well as our recent post regarding cybersecurity products. Please feel free to contact the team at ISEC7, and we can help you navigate the options available to you to help strengthen and protect your infrastructure.
(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group