The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.
CISA released the guidelines after recent public and private entities in Ukraine were targets in recent cybersecurity attacks.
“This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise,” CISA wrote.
CISA provided five steps to help reduce the likelihood of cyber intrusion:
- Validate multi-factor authentication (MFA) enabled for users with network and administrative privileges.
- Make sure all software has been patched and up to date (see CISA’s known exploited vulnerabilities database).
- Disable all ports/protocols not needed for essential business purposes.
- Implement strong cloud controls if relevant for your organization.
- Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure.
Moreover, CISA also provided additional steps organizations can take to quickly detect a potential intrusion, how to prepare for potential intrusion, and how to help maximize resiliency.
By following these guidelines, “all organizations can make near-term progress toward improving cybersecurity and resilience,” CISA said.