According to an article from ZDNet,
“The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new 'CISA Insights' document aimed at all US organizations, not just critical infrastructure operators. The checklist of actions is CISA's response to this week's cyberattacks on Ukraine's systems and websites, which the country's officials have blamed on hackers linked to Russian intelligence services.”
Ukraine officials have revealed that dozens of systems in at least two government agencies were wiped during a recent attack.
Prior to the latest cyberattacks on Ukraine, CISA published an advisory aimed primarily at US critical infrastructure operators detailing recent Russian state-sponsored hacker tactics, techniques, and attacks on enterprise systems such as VPNs, Microsoft Exchange, VMware, Oracle software. It also spotlighted destructive attacks on operational technology (OT)/industrial control systems (ICS) networks in the US and Ukraine.
The ZDNet article shares,
“The new CISA document stresses that ‘senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.’ It added ‘If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.’”
One of CISA’s leading recommendations is to adopt multi-factor authentication and to disable all non-essential ports and protocols, implement controls for using cloud services, and conduct vulnerability scanning. CISA also recommends creating a crisis response team that regularly prepares and trains for an event.
As we have shared in previous articles, credit unions need to have a team that includes internal IT as well as experienced partners who can act as “threat hunters” monitoring, responding, patching and locking down vulnerable systems. This type of response is required in today’s active threat environment. Organizations can no longer rely on services that just scan and report – more investigation and manual intelligence, combined with expertise, tools and dedicated time to fight these threats are required for protection.
Credit unions are responsible for member data and the purview of accountability is much broader than it has ever been. In a recent article published in CUInsight we shared 5 ways organizations can prepare for a cyber attack to reduce impact and increase speed of recovery.
Hackers are attempting to break into networks constantly – the threats are only going to get worse. The silence of these threats makes it easy for leaders to overlook their importance.
Now more than ever, credit unions need to recognize cyber threats as a very real and immediate risk, and build a team of experts and partners who can proactively and vigilantly monitor and protect your assets and members.
No matter the size or reach of your financial institution, it is critical for your organization to have a reliable, secure, and intuitive data backup and recovery solution in place to protect your data, your business, and your brand.
Fortunately, you don’t have to approach this process alone. Think|Stack is a trusted advisor to many banks and credit unions and is ready to share our team’s knowledge with your business to kick-start your backup and recovery solution.
So if you are looking for a partner with the experience, industry knowledge, and vendor relationships to help find the best enterprise data backup and recovery solution for your business, then contact the team at Think|Stack today.
We also would like to share our resource, “Cybersecurity Framework: Compliance and Protection 101,” with you, which is available for download here.