WP CISA Warns CISOs to Brace for Attacks | Imperva

CISA Warns CISOs to Brace for Attacks

CISA Warns CISOs to Brace for Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture. This is a direct result of heightened attacks in the current geopolitical environment.

In recent news, believed to be associated with cyber actors “who previously conducted destructive cyber activity against foreign critical infrastructure,” the FBI has further warned the U.S. energy sector about “network scanning activity” stemming from multiple Russia-based IP addresses which recently scanned 5 US energy firms looking for software vulnerabilities. In a press conference on Monday, President Biden reiterated the CISA warning stating that “evolving intelligence” suggests Kremlin-linked actors are “exploring options for potential cyberattacks.”

Biden Tweet

Why this is everybody’s problem

With 153 million new malicious malware programs already reported from March 2021 to February 2022, almost a 5% increase since the previous year, cyberattacks on an elevated scale are likely to become a global issue due to any spillover effect – the inevitable impact that events in one nation can have on the economies of another.

A legacy of national offensive activity

As early as 2017, NCSC and other sources – including private and public sector cyber security research organizations – reported that Russian state-sponsored actors were conducting spoofing ‘man-in-the-middle’ attacks. The aim of these was to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. According to the chief of the UK’s cybersecurity agency, Lindy Cameron, cybercriminals from Russia and neighboring states were already behind the bulk of online extortion conducted against businesses and other organizations in the UK.

Things might not stay quiet for long

Since the beginning of 2022, CISA has reported that threat actors deployed destructive malware against organizations in Ukraine to disable computer systems and render them inoperable. In light of geopolitical tensions, CISA updated its “Shields Up” guidance for business. The cybersecurity agency is urging organizations to remain “laser-focused on resilience” following further successful cyberattacks using destructive malware, including the new WhisperGate and HermeticWiper, against several Ukrainian government websites.

“Every organization – large and small – must be prepared to respond to disruptive cyber activity,” the CISA guidance advises.

Ransomware and other cyberattacks are often used to gain leverage, and cyberattacks can weaken national security by crippling businesses and distribution. Without cyber defenses in place, regardless of their industry, vulnerable organizations could be particularly susceptible in the following months. With a current cybersecurity skill shortage and tighter budgets, smaller and regional organizations are likely to be ill-prepared for any targeted attack. Now is the time for them to act – and the best offense is a strong defense.

Businesses need to take action

As Russia explores options for potential cyberattacks on the U.S. energy sector, The US Cybersecurity and Infrastructure Security Agency (CISA) have warned that evolving intelligence has shown that there is a greater need than ever for all organizations, of all sizes, to act now to protect themselves against malicious cyber activity.

The recent “Shields Up” guidance issued by the CISA, plus those being advocated by Britain’s NCSC and The European Cybercrime Centre (EC³), further suggests that organizations should improve their resilience to possible cyberattacks as a matter of urgency.

All agencies place particular focus on essential defenses for guarding against a broad range of threats, including updates and critical patches that should be deployed with maximum expediency. They further advocate for the use of multifactor authentication, plus tested backup and recovery practices.

Given the current situation, it is incumbent on every organization, large and small, to do more to prepare for cyber attacks. Review your current cybersecurity recovery plan. If you currently have a security strategy, devise short- and long-term plans to harden your applications, defend your supply chain, and improve data security defenses. If your security strategy is less evolved, identify apparent risk exposure (e.g., vulnerability to phishing attacks), use resources already available to you today to shore up defenses, and begin considering a more durable long-term solution. Imperva can help.

For more information on strengthening your security posture at this time, please see this recent post from Imperva CTO Kunal Anand on preparing for heightened attacks in the current geopolitical environment.