Prepping for Cyber-Attacks

Privacy Plus+

Privacy, Technology and Perspective

Prepping for Cyber-Attacks. Since the invasion of Ukraine, the risk of cyber-attacks, and especially the risk of attacks against critical infrastructure, has increased significantly. Already, destructive malware deployed in Ukraine (e.g., WhisperGate and HermeticWiper) threatens to spill over into other countries, potentially harming critical assets and data of organizations worldwide. And as sanctions on Russia ratchet up day by day, the risk increases that Russia will retaliate with cyber-attacks in this country. In this week’s post, we’re sharing some resources and suggestions that will help you and your organization reduce the risk of compromise and otherwise enhance your cyber posture, as well as some recent news on the same subjects:

Take Action:

Subscribe to CISA’s Alerts:  The Cybersecurity & Infrastructure Security Agency (CISA) maintains the National Cyber Awareness System, which publishes information about current security issues, vulnerabilities, and exploits. Unless you are already subscribed, we suggest that you and the person charged with cybersecurity at your organization subscribe now to receive these alerts.  A link follows:

https://www.cisa.gov/uscert/ncas/alerts

Review the NSA’s Network Infrastructure Security Guidance. This week, the National Security Agency (NSA) released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance.  The report highlights best practices for responding to cyber threats.  A link follows:

https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF  

Recommendations made in the report may be useful to you as a tool for benchmarking and improving your organization’s preparedness for a cyberattack. Those recommendations include proper network segmentation, monitoring, and access controls throughout the network. The report also captures the importance of password complexity, multifactor authentication, and encryption.

Update all Operating Systems, Software and Apps. Timely updates are one of the most efficient and cost-effective steps you and your organization can take to reduce exposure to cyber threats. Automate updates when possible. Also, consider upgrading hardware and software, as necessary, to take advantage of vendor-provided security capabilities.

Enhance Passwords and Enable Multi-Factor Authentication and Encryption.  If you’ve been delaying up-securing your own digital life, we suggest that now is the time to improve.  Please refer to our post, entitled “5 Tips for Protecting your Home Network and Devices”, which is available at the following link:

https://www.hoschmorris.com/privacy-plus-news/5-tips-for-protecting-your-privacy

At a minimum, we suggest enabling multifactor authentication on your important accounts. We like using LastPass Authenticator, which is available in the App Store. We also use the LastPass Password Manager, which is available by subscription at the link that follows:

https://www.lastpass.com/

Consult CDC Resources on Emergency Preparedness.  Because cyber-attacks can create devastating emergencies, like disrupting or contaminating our drinking water, it is also important to have a broader disaster preparedness plan in place.  The Centers for Disease Control (CDC) publishes extensive recommendations, including gathering cash, important documents, medications, a power source, and at least 3 days of food and water (for your whole family, including your pets).  A link to the CDC’s Emergency Preparedness webpage follows. 

https://www.cdc.gov/prepyourhealth/takeaction/index.htm

Some Progress at the Federal Level:

On Tuesday of this week (just before the State of the Union address), the Senate passed the “Strengthening American Cybersecurity Act,” calling for (1) federal contractors, agencies, and critical infrastructure operators to report cyberattacks within 72 hours; (2) modernizing cyber security requirements and elevating CISA’s role in overseeing federal cybersecurity; and (3) addressing the GSA’s FedRAMP cloud program which authorizes cloud servers for federal government use.  The Act will still need to be passed by the House, but it is said to have bipartisan support. You can read more about the Act here:

https://federalnewsnetwork.com/cybersecurity/2022/03/spurred-on-by-russia-senate-bill-carries-slew-of-cyber-requirements-for-agencies-industry/

Final Thoughts on Cyber-Attack Preparedness:

The Strengthening American Cybersecurity Act is a small step in the right direction, but is not the giant leap this country needs. We agree with this sobering editorial from the New York Times – published the day after that Act cleared the Senate – that the “decentralized nature of the American government does not lend itself to fighting foreign cyberthreats,” and that “[i]t’s time to move past partisanship and standard objections to regulation” and create a “central cyber regulator”:

https://www.nytimes.com/2022/03/04/opinion/ive-dealt-with-foreign-cyberattacks-america-isnt-ready-for-whats-coming.html

---

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.

 

 
