On March 21st, the White House issued a cybersecurity brief covering important facts for security teams and everyday users alike. With the current Ukraine-Russia conflict, the United States is on high alert, especially when it comes to cybersecurity. In response to the growing concern, this brief provided practical advice on how organizations can take responsibility for protecting themselves from cyber risks.
According to the cybersecurity brief, the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector. The private sector must act to protect the critical services on which all Americans rely.
Defendify has compiled a few big takeaways from the brief for businesses to consider as they look at improving their security posture during these uncertain times.
Understand that the current global situation affects everyone
Just because you aren’t in critical infrastructure or the DOD supply chain doesn’t mean you’re not also at risk. The United States has responded to the actions in Ukraine with numerous economic sanctions that will likely have effects on the Russian economy. Under that financial pressure, threat actors may accelerate ransomware demands during this time. Having an employee respond to a wide-net FedEx-style phishing email and execute a ransomware payload is bad enough during “normal” times; it could become far worse in the current situation.
It’s important to pay attention to cryptocurrency as well. Ransom payments via cryptocurrency have a higher chance of circumventing the sanctions enforced through financial institutions, creating a “loophole” of sorts.
Although the sanctions did attempt to put limits on virtual currency transfers, cybercriminals will likely be able to navigate their way around the restrictions.
Scan, plan, and patch vulnerabilities
Vulnerability scanning is critically important right now. Assets with vulnerabilities could provide an attacker with a pathway through your perimeter defenses. It may take only one open door into your network for a threat actor to get inside an organization or to move laterally once there.
Practically speaking, any organization should establish a process and set goals around patching critical vulnerabilities within a specified timeframe.
It’s also helpful to sign up for alerting services or notifications to stay updated on critical intelligence around emerging threats.
Don’t forget your fire drills
Conduct table-top exercises, including full restoration of data from backups. There’s a reason that children participating in a fire drill physically line up single-file outside by the flagpole. It’s all about building muscle memory, working out the kinks in the plan, and preparing for a crisis before it happens.
If you wait until an actual incident to test your data backups and restore systems after an attack, there is a significant chance you will run into unexpected issues. For instance, one organization that did have a backup system (a good thing) didn’t anticipate that an attack would slow down its business for an entire month, because it took almost three weeks to get all of the backup data restored. A table-top exercise would have surfaced this kind of “surprise” before an actual attack.
Enable multifactor authentication
MFA, MFA, MFA! Multifactor authentication is a critical security practice within any organization. According to CISA, “MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised.”
MFA adds strong protection and an additional layer of difficulty for threat actors to achieve account takeover; however, it is not always perfect.
A CISA alert recommends several practices for using MFA properly:
- Enforce MFA for all users, without exception.
- Implement time-out and lock-out features in response to repeated failed login attempts.
- Ensure inactive accounts are disabled uniformly across the Active Directory, MFA systems, etc.
- Update software, including operating systems, applications, and firmware on IT network assets in a timely manner.
- Require all accounts with password logins to have strong, unique passwords. Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access.
- Continuously monitor network logs for suspicious activity and unauthorized or unusual login attempts.
- Implement security alerting policies for all changes to security-enabled accounts/groups.
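As an added illustration of the lock-out, inactive-account and log-monitoring items above (example code written here, not from the Defendify post or the CISA alert), the script below applies an assumed policy of five failures within ten minutes to constructed authentication log lines, locks the account for thirty minutes, and flags any login against an account that should be disabled:

```python
# Added example: enforce a lock-out policy and flag suspicious logins over
# constructed log lines. Policy values and log format are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILURE_THRESHOLD = 5                      # failures before lock-out (assumed)
FAILURE_WINDOW = timedelta(minutes=10)     # window in which failures count
LOCKOUT_DURATION = timedelta(minutes=30)   # time-out after lock-out

# Constructed sample log, format: "<ISO timestamp> <user> <FAIL|OK> <source ip>"
SAMPLE_LOG = """\
2022-03-22T08:00:01 alice FAIL 203.0.113.10
2022-03-22T08:00:09 alice FAIL 203.0.113.10
2022-03-22T08:00:15 bob FAIL 198.51.100.7
2022-03-22T08:00:20 bob OK 198.51.100.7
2022-03-22T08:00:31 alice FAIL 203.0.113.10
2022-03-22T08:00:44 alice FAIL 203.0.113.10
2022-03-22T08:01:02 alice FAIL 203.0.113.10
2022-03-22T08:05:00 alice OK 203.0.113.10
2022-03-22T09:10:00 jsmith OK 192.0.2.55
"""

# Constructed: an inactive account that was disabled in the directory and
# therefore should never authenticate anywhere.
DISABLED_ACCOUNTS = {"jsmith"}


def evaluate(log_text, disabled=DISABLED_ACCOUNTS):
    """Return a list of (timestamp, user, reason) alerts for the given log."""
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked_until = {}               # user -> datetime when lock-out expires
    alerts = []
    for line in log_text.splitlines():
        ts_s, user, result, ip = line.split()
        ts = datetime.fromisoformat(ts_s)
        if user in disabled:        # disabled account still being used
            alerts.append((ts_s, user, f"login attempt on disabled account from {ip}"))
            continue
        if user in locked_until and ts < locked_until[user]:
            alerts.append((ts_s, user, "attempt during lock-out"))
            continue                # even a correct password is rejected while locked
        if result == "FAIL":
            recent = failures[user]
            recent.append(ts)
            while recent and ts - recent[0] > FAILURE_WINDOW:
                recent.popleft()    # drop failures outside the window
            if len(recent) >= FAILURE_THRESHOLD:
                locked_until[user] = ts + LOCKOUT_DURATION
                recent.clear()
                alerts.append((ts_s, user, f"locked out after {FAILURE_THRESHOLD} failures from {ip}"))
        else:
            failures[user].clear()  # a successful login resets the counter
    return alerts
```

Running `evaluate(SAMPLE_LOG)` yields three alerts: alice is locked out on her fifth failure, her later login during the lock-out is rejected, and the login on the disabled jsmith account is flagged.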
Keep practicing cybersecurity basics
To use another familiar childhood reference, if you want to become proficient at anything, it’s necessary to practice the basics repeatedly! CISA’s Shields Up campaign is an excellent resource that compiles top security recommendations, tools, and guidance.
It reiterates cybersecurity best practices, such as:
- Making sure solutions are in place to quickly detect intrusion
- Implementing safeguards to prevent modern-day malware attacks
- Preventing email phishing scams, especially through training employees to avoid clicking on malicious links
- Utilizing credential management to ensure you aren’t reusing passwords or using weak ones
Let’s think of this increased concern around cybersecurity as an opportunity to fine-tune our efforts to protect our companies and customers from threats. Many organizations have been thinking about this long before but lacked urgency or justification. As we move forward, let’s take this moment in time to build up better resilience today for a safer tomorrow.