Understanding the Shields Up Initiative
By Andrew Roberts, Chief Cybersecurity Strategist, cStor
In the days leading up to the current conflict between Ukraine and Russia, the US Department of Homeland Security (US DHS) Cybersecurity and Infrastructure Security Agency (CISA) was concerned about potential cybersecurity threats and attacks targeting US organizations. This led to their Shields Up initiative, designed to help Americans prepare and protect themselves from cyberattacks.
In addition to proving that CISA has at least one powerful Trekkie in its midst, Shields Up takes a proactive, multi-faceted approach to improve our nation’s cybersecurity. First and foremost, they request faster reporting of incidents and anomalous activity to either CISA or the FBI. Fast reporting will allow the government to improve situational awareness and adjust our response. Beyond reporting, Shields Up gives solid advice for three audiences: organizations, CEOs and leaders, and the general public.
Guidance for All Organizations
Reduce the likelihood of a damaging attack by taking proven preventative measures including implementing multi-factor authentication (MFA), staying on top of your patch management process, disabling unused ports, implementing strong cloud security controls, and being mindful of cyber hygiene.
Enable quicker detection of attacks by actively looking for unexpected or unusual traffic, enabling logging to allow for investigation, making sure your antivirus protection covers all your assets, and (when relevant) paying close attention to traffic from Ukraine and/or Russia.
Prepare to respond to attacks by having a response team in place that has the necessary key personnel and rehearsing those responses with tabletop exercises.
Maximize resilience so you can quickly recover by focusing on your backups and making sure you have an offline and/or immutable copy that will always be available when you need it.
Recommendations for Corporate Leaders
Leaders, the Shields Up recommendations are your opportunity to make sure your organization knows how important cybersecurity is to you. By empowering your CISO and including them in the decisions about risk in your company, you can get better perspectives on the cyber risks you assume. Lower reporting thresholds so that cyber incidents make it to you sooner and participate in response tests so your teams know you take it seriously. Don’t stop with response plans – look for resilience and continuity so your business can both recover and continue operating during an attack.
Steps Americans Can Take
Shields Up doesn’t stop with advice for organizations, they also include steps the public can take to make themselves safer. Steps like implementing multi-factor authentication and keeping software up to date are critical.
What Can I Do?
Start with your family. Help them understand that MFA provides so much more protection, and it’s worth that small extra step. Talk to them about the importance of updating software and looking at emails with a skeptical eye.
Knowing your family is safer will help you focus on protecting your organization. Make sure you have the recommended items in place. If not, make those tactical moves now to beef up your security. Engage with your leadership and get them involved.
The Shields Up recommendations are solid tactical moves you can make right now to better protect your organization. Find a good partner to help you identify the right tools to fill your gaps and get them implemented as quickly as possible. If you have not laid out a forward-looking cybersecurity strategy, today’s increased visibility is an excellent opportunity to get started.