As governments warn about more cyber threats due to the Ukraine crisis, it's time to follow published guidance and take common-sense precautions.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a Shields Up advisory in response to the evolving Russia-Ukraine conflict. The agency noted, “The Russian government has used cyber as a key component of their force projection over the last decade,” and warned that Russia might consider actions aimed to disrupt outside of Ukraine.

Should you do anything at this time to protect your firm? There’s no need to scramble and make drastic changes to your network. Rather, use these events as a reason to review your network and plan for future changes. Here’s a list of actions to take:

Review and update incident response plans

Review your incident response plans. Are they up to date? Do they account for the type of disruptive attacks we’re seeing Russia carry out in Ukraine?

Follow published hardening advice for destructive attacks

Review the Hardening to Protect Against Destructive Attacks guidance from Mandiant. As Mandiant and CISA point out, start by examining all remote access to your network and set up multi-factor authentication (MFA). NO ONE should be logging in remotely without some sort of additional authentication beyond a mere password, whether that’s an authenticator application or a token that provides a code you must enter.

Use external sources of threat information

Whether it’s through a tool, colleagues on a forum, or a chat session, have a means to share information and get advice you trust. Look for industry-specific information. If you currently do not have such a resource, look to government channels such as InfraGard in the United States, or your own country's national computer security resource.
Other resources available to all include the guidance and information from CISA, the Australian Cyber Security Centre and the UK National Cyber Security Centre, to name just a few.

Assess risk to internet and network connectivity

If you are in an area of risk, internet and network connectivity may be affected. Already we’ve seen rumors of attacks against banks and businesses in Ukraine. Remember that the Maersk ransomware attack was originally targeted against Ukrainian businesses: the NotPetya ransomware targeted companies in Ukraine, specifically going after government, financial and energy institutions, in June 2017.

Review risk of business, infrastructure ties to Russia

If any of your cloud deployments are on servers in Russia, you may want to consider moving that data to a different datacenter. If you use software developers or IT support from Russia or surrounding countries, consider the impact to your network as well. Review and analyze your options accordingly.

Review the basics, catch up on patching

It’s been a troubling few months of patching side effects, and some of you may have skipped patching. Review the list of known exploited vulnerabilities identified by CISA to ensure that you have at least patched for these.

Consider using your firewall to restrict access to only those locations and sites that truly need to reach your network. For cloud services this can be an extreme task, but for on-premises servers that are not providing services to everyone, review who really needs access and why. Pare down access to your domain controller to those who truly need it.

Log relevant information

Log all the information that will give you something actionable should an attack happen. If you feel at higher risk and you have a Microsoft 365 subscription, you can turn on the higher E5 security subscription for some, not necessarily all, users in your organization.
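To act on the patching advice above, here is an added example (not from the article, CISA or any vendor) that cross-references a constructed snippet in the shape of CISA's KEV JSON feed against a constructed host inventory and reports entries that are not yet patched, overdue ones first. The field names used (cveID, vendorProject, product, dueDate) are those of CISA's published feed; the CVE IDs, vendors, products and hosts are placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (cveID, vendorProject,
# product, dueDate fields); the CVE IDs are placeholders, not real entries.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
     "product": "Edge VPN", "dateAdded": "2022-02-10", "dueDate": "2022-02-24"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
     "product": "Edge VPN", "dateAdded": "2022-01-18", "dueDate": "2022-02-01"},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherCorp",
     "product": "Mail Server", "dateAdded": "2021-11-03", "dueDate": "2022-05-03"}
  ]
}"""

# Constructed asset inventory: vendor/product per host (lower-cased) and the
# CVEs your patch records already show as remediated on that host.
ASSETS = [
    {"host": "vpn01", "vendor": "examplevendor", "product": "edge vpn",
     "patched_cves": {"CVE-0000-0002"}},
    {"host": "mail01", "vendor": "othercorp", "product": "mail server",
     "patched_cves": set()},
    {"host": "file01", "vendor": "othercorp", "product": "file share",
     "patched_cves": set()},
]

def kev_gaps(kev_json, assets, today_iso):
    """Return one record per (host, KEV CVE) that applies to the host's
    vendor/product but is not in its patched set; flag overdue items."""
    today = date.fromisoformat(today_iso)
    catalog = json.loads(kev_json)["vulnerabilities"]
    gaps = []
    for asset in assets:
        for entry in catalog:
            if entry["vendorProject"].lower() != asset["vendor"]:
                continue
            if entry["product"].lower() != asset["product"]:
                continue
            if entry["cveID"] in asset["patched_cves"]:
                continue
            overdue = today > date.fromisoformat(entry["dueDate"])
            gaps.append({"host": asset["host"], "cve": entry["cveID"],
                         "due": entry["dueDate"], "overdue": overdue})
    # Overdue items first, then earliest CISA due date
    return sorted(gaps, key=lambda g: (not g["overdue"], g["due"]))

if __name__ == "__main__":
    for gap in kev_gaps(SAMPLE_KEV_JSON, ASSETS, "2022-03-01"):
        print(gap)
```

Replace SAMPLE_KEV_JSON with the downloaded feed and ASSETS with an export from your inventory or patch-management tool to get the same report for your own network.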
If you’d like additional logging, investigation and protection for specific users, you can do so with Microsoft 365 subscriptions.

Test backup and restore processes

When restoring systems, ask yourself whether you could restore a large number of services at the same time. Do you have a checklist of the recovery steps, and have you actually tested the restoration process? Can you estimate how long it will take to restore a single server as well as your entire network?

Assess IT and security staff readiness

Have you run exercises with your IT staff to see if they are ready for such a project? With the pandemic, many IT resources have been stretched thin and budgets may have been slashed. Review the impact of resources and staff on your incident response plans to determine if priorities need to be shifted. Even if you are a small or medium-sized business, review what options and resources you have. Use this time as a “what if” game to ensure that you are ready for risks to your own organization. Use tabletop games such as Backdoors and Breaches to generate sample risks to your organization and determine how you would react to them. The game cards represent realistic threats to your organization such as social engineering, web server compromise and credential stuffing.

Assess network weaknesses

Scan your external network and consider analyzing your weaknesses with a penetration testing team or external consultant. If you work for a U.S. federal, state, local, tribal or territorial government, or a public- or private-sector critical infrastructure organization, you can request CISA cybersecurity assessment services at no cost. Otherwise, you can at least identify risks through public search engines that look for vulnerabilities in your external network. Review what attackers can see about you from tools such as Shodan and Censys.

Bottom line: Review your risks and attack weaknesses.
Complex attacks often start with a simple hole that an attacker can use to wiggle in, move laterally, investigate and lie in wait until they choose to strike.