I am certain everyone by now is aware of the Russian / Ukrainian physical war taking place. And, you probably know that the war also includes tactics to disrupt the communication and businesses of adversaries.
But what you might not realize is that in the eyes of Russia and its sympathizers, the U.S. and Western businesses are among those they consider to be adversaries. With the recent escalation between Russia and Ukraine, the US Cyber Security & Infrastructure Agency (CISA) issued a “Shields Up” warning to U.S. companies stating that “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.”
We are seeing increases in cyber attack attempts ranging from novice phishing to those that are extremely well-orchestrated and we suggest that businesses take heed to these warnings and put your “shields up.” Here are a few things that our security and compliance team recommends.
We recommend that all clients adopt a heightened state of awareness and vigilance, implement proactive measures, and fortify their cyber incident response plans.
Now would be an opportune time to implement the following:
- Privileged User Protections including Privilege Identity Management and Multi-Factor Authentication to protect your privileged administrative-user accounts.
- Multi-Factor Authentication for ALL users. Organizations have shown to be slow to roll out MFA to all employees for a variety of reasons, namely, for fear of user-experience or perceived complexity. Well, the time is now to reconsider those objections.
- Get rid of the use of Legacy Authentication protocols (e.g., things that require only username and password to complete the access authentication process.)
- Apply greater vigilance on Identity behaviors including: impossible travel, improbable travel, anomalous user-activity, the use of unsanctioned anonymizers, and other behavioral identity signals. These all reveal patterns of identity-based attacks that should be investigated and remediated.
Note: Implementing MFA across the organization takes away 99.9% of the identity-based attacks that cyber attackers are actively targeting such as: brute-force password. password spray attacks, authentication-focused phishing attacks.
Catapult is available to assist our clients with proactive security defenses that include:
- To assess if your environment is secure, explore our Proactive Security Assessments.
- If you need immediate assistance, our Incident Response Team can help.
- Fortify your security teams with additional hands on support.
- Project assistance on implementations that harden your Microsoft operating environments.
Catapult is ready to assist…
Till next time,