With military operations underway in Ukraine, targeted cyber-attacks have also been reported. While the reported targets are concentrated in and around the theater of operations, these activities may expand beyond it, so it is a good idea to recheck that your security posture is prepared.
Below is a recommended 11-point security posture checklist that can be used to assess your environment's readiness.
We are making this available because our goal is to ensure organizations are properly prepared in the event of a cyber-attack or related incident:
- Detect: Monitor for unusual or unexpected activity involving internal and/or external sources
- Cloud Security: Verify that cloud resources (for example, S3 buckets and EC2 instances) are securely locked down, and monitor communications between applications to ensure there is nothing out of the ordinary. Recheck, monitor, and audit access and changes to your cloud environments.
- Identify: Ability to identify all devices, users, and activities occurring in your environment and to classify each as known good, known bad, or unknown.
- Access: Do not allow logins from sources with no business justification, including geographic sources.
- Mitigation: Capability to stop threat actors from performing nefarious activities
- Vulnerability Scanning: Consistently scan your environment for vulnerabilities and remediate accordingly.
- Patching: Related to vulnerability scanning, ensure all systems are fully patched to the latest version.
- Automatic Updates: Often overlooked; ensure your security environment is set to receive and apply OEM-issued security updates.
- Backup: Create or update backups for all critical systems and ensure backups are separated (air gapped) from production systems.
- Email Security: Email continues to serve as a major entry point for threat actors. Is your email security sufficient to identify and stop these activities?
- Incident Response: Have an Incident Response plan, including a retainer, and test it regularly.
Below is a listing of sites that contain helpful related content:
- CISA: CISA and FBI Publish Advisory to Protect Organizations from Destructive Malware Used in Ukraine
- Palo Alto Networks: Russia-Ukraine Cyberattacks: How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon and Website Defacement
- Cisco: Talos on the developing situation in Ukraine
- Fortinet: Cyber Readiness Center and Breaking Threat Intelligence: Addressing the Threat of Cyber Warfare
- Rapid7: Staying Secure in a Global Cyber Conflict
- Mandiant: Anticipating Cyber Threats as the Ukraine Crisis Escalates
Integration Partners, a ConvergeOne company, is available to assist with your security needs so please reach out to your Account Executive or reach out directly via firstname.lastname@example.org.