War is one of humanity's oldest and most merciless, dehumanizing, and abhorrent acts. In the modern age, war is also now publicly documented, with a constant, unmoderated stream of updates on social media taking us right to the place events are unfolding, throwing into stark relief the individual and personal impacts of war as it happens. We are seeing this now with the war on Ukraine. Perhaps this shared experience will make the world reflect on the impact and implications of war—and will give nations and their leaders pause in the future. I hope for peace, for the safety of the Ukrainian people, and for the continuation of a free and independent Ukraine.
Another lesson of the war between Russia and Ukraine is that the parameters of the battlefield have evolved tremendously in the last 20 years. Wars are fought on battlefields and oceans and in the skies above us. Increasingly, they are also fought on the network, as combatants seek to weaken their enemies by compromising systems, data, and critical infrastructure.
Earlier this week the Cybersecurity & Infrastructure Security Agency (CISA), in conjunction with the FBI issued a new Shields Up warning based on the Russia/Ukraine conflict, advising organizations to adopt a heightened security posture and prepare for the likelihood of an attack.
With its Shields Up warning, CISA provides concrete guidance about where organizations should focus their efforts at this moment of crisis. The warning also offers clear, straightforward, and actionable recommendations for corporate leaders and executives around how they can best support security teams and prepare their organizations for a worst-case scenario. This includes ensuring visibility and support for CISOs and SecOps teams, lowering reporting thresholds for threat activity, and testing plans and capabilities around incident response and business continuity.
As a CEO, I hope corporate and organizational leaders take this guidance to heart and implement it, to the greatest extent possible, for the duration of this heightened alert period and in the future. As leaders, it is essential that we trust the people we hired, and to empower them to succeed in the role for which they were hired. Now is the time to reinvigorate a critical relationship between our cyber defense teams and the rest of the businesses. What CISA is asking on behalf of every CISO and every security practitioner is this: Cybersecurity is essential to your business, and we have reached a moment when it is at incredibly high risk. Give your security teams your full support by resourcing them, and then let them do what they do best—defend your systems, your data, and your organization.
Get a Complimentary Shields Up Security Assessment
To help leaders like you establish that communication, I'd like to offer some lessons I've learned throughout my career, and some advice that I've taken to heart on my leadership journey.
- Take the time to get briefed on your current security posture, both immediately and on an ongoing basis moving forward. Understand your organization's overall security posture, including areas of strength and weakness. Understand the challenges your security teams face and get them the resources they need to be successful in the modern threat landscape. Many executives and boards have governance structures that require periodic readouts, but building a strong relationship as a baseline can ensure that your organization is prepared for a real event.
- Ensure that executive leadership is fully briefed on incident response, crisis management, and business continuity plans. This helps leadership refresh their understanding of the role they and their organizations play if events unfold. Incident response plans should include assessment of each executive's departmental response readiness, and the results should be reported back to the full executive team. Taking these steps will help uncover issues that need to be resolved quickly, strengthening your overall security posture.
- Assess the security infrastructure protecting your organization. At minimum you should understand:
- How often software is updated, including vulnerabilities commonly exploited by Russian threat actors (See CISA's Shields Up Guidance for a list). You should also understand your organization's policies regarding automatic updates, which are generally a best practice but increase the risk of a software supply chain attack.
- How frequently critical systems and data are backed up, how the backups are protected from compromise, and how readily systems can be restored in the event of a breach.
- What identity management and multifactor authentication tools and processes are being used, and ensuring that they are fully operational.
- How your organization monitors, manages, and protects endpoints, including both traditional endpoints like servers and computers, as well as IoT and employee devices.
- How you are managing the risks associated with the use of public cloud applications and infrastructure, and your organization's areas of responsibility versus those of the cloud provider.
- How your network is secured, including your ability to detect, remediate, and investigate threat activity on the network.
As you start a discussion with your security and technical teams, also keep in mind that systems integrators, managed services providers, channel partners, and technology vendors have expertise and services that can help organizations scale up defenses during times of high alert, and help assess organizational readiness to defend against advanced threats.
At ExtraHop, we are standing by to help our customers with any concerns or questions. At this critical moment for so many organizations, we are dedicating resources to ensure that organizations get the support they need to effectively defend their networks from attack. To learn more about how we can help assess your security posture (including identifying devices still vulnerable to Log4Shell), contact us at firstname.lastname@example.org. We also have new recommendations for how to implement and mature CISAs Shields Up guidance for organizations.
CISA's Shields Up warning and associated guidance is a reminder that we are united in a common mission: To defend our organizations, our customers, our employees, and our data, against advanced attacks. That mission is more important now than ever, and you have our full support.