This blog was authored by my colleague Barbie Housewright, Manager, Cybersecurity, Financial Institutions.
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning cautioning United States organizations about heightened cybersecurity threats in the wake of conflicts between Russia and Ukraine. CISA prompted financial regulators to instruct their financial institutions to reevaluate security and continuity planning. Regulators warn that the current cybersecurity threat landscape may exceed previously acceptable recovery arrangements.
Cybersecurity Advisory: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
The Cybersecurity Advisory (CSA), “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure”, describes measures financial institutions can leverage to diminish threats. It recommends that organizations prepare for disruptions to technology systems by strengthening incident response, resilience and continuity plans so that critical activities can be maintained in the absence of technical resources. Organizations are urged to enhance their cyber posture by solidifying access, security, vulnerability, and configuration controls. The CSA further recommends subscribing to threat information monitoring related to these threats.
Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
The CISA Insights article, “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats”, published January 18, 2022, promotes awareness of critical cyber risks. Organizations are encouraged to take swift actions to diminish the likelihood and impact of a compromise, regardless of their size and complexity.
The article also provides a checklist to assist financial institutions in reducing the likelihood of a cyber incident, detecting an intrusion, preparing for intrusion response, and maximizing resilience when destructive incidents occur. The advisory references additional controls and resources for reporting incidents and anomalous activity and defending cloud services.
Financial regulators advise institutions to review the cybersecurity advisory in its entirety, along with the CISA Insights article, and promptly implement the controls documented within. Multiple resources are referenced regarding ransomware best practices and response checklists. The recommendation also encourages institutions to complete the Ransomware Self-Assessment Tool (R-SAT) to identify gaps in their ransomware protection strategy.
How can CLA Help
Collecting and analyzing a comprehensive set of controls and planning initiatives can be overwhelming and complex. CLA’s Outsourced Information Security Advisors can help you evaluate and enhance your program in preparation for the anticipated threats and impacts. Our advisors are experienced in performing the Ransomware Self-Assessment and assisting in training staff on best practices for avoiding a social engineering attack.