
SHIELDS UP in bite sized chunks

CISA SHIELDS UP

Unless you are living completely off the grid, you know the
horrifying war in Ukraine and the related geopolitical tensions
have dramatically increased cyberattacks and the threat of even
more to come.

The Cybersecurity and Infrastructure Security Agency (CISA)
provides guidance to US federal agencies in their fight against
cybercrime, and the agency’s advice has proven so valuable that
it’s been widely adopted by commercial organizations too.

In February, CISA responded to the current situation by issuing
an unusual “SHIELDS UP!” warning and advisory. According to
CISA, “Every organization—large and small—must be prepared to
respond to disruptive cyber incidents.”

The announcement from CISA consisted of a range of
recommendations to help organizations and individuals reduce the
likelihood of a successful attack and limit damage in case the
worst happens. It also contains general advice for C-level leaders,
as well as a tip sheet on how to respond to ransomware in
particular.

Breaking down the SHIELDS UP guidelines

There’s a lot of stuff there – over 20 instructions and
recommendations in total. How much can you really do? Digging into
it, though, many of CISA’s guidelines are really just basic
security practices that everyone should be doing anyway. In the
list of recommendations [1], the first two are about limiting user
privileges and applying security patches – particularly those
included in CISA’s list of known exploited vulnerabilities [2].
Everyone should be doing that, right?

Next, CISA recommends a list of actions for any organization
that does get attacked. Again, these tips are fairly
straightforward – quickly identifying unexpected network activity,
implementing antimalware and antivirus software, and keeping
thorough logs. Sensible advice but nothing ground-breaking.

And here’s the thing – these activities should already be in
place in your organization. There should be no need to “mandate”
good practice and the fact that this “official advice” is needed
says a lot about the general state of security in companies and
organizations around the world.

Implementing the guidelines in practice

Security posture weakens when technical know-how, resources, and
strategy are lacking. That this happens is understandable to a
degree: even though technology is core to the functioning of
organizations, delivering technology services is not the core
purpose of most companies. Unless you’re in the tech sector, of
course.

One way to address the current gaps in your practices is to rely
on an external partner to help implement items that are beyond your
capabilities or available resources. In fact, some requirements
are unattainable without a partner. For example, if you need to
update end-of-life[3]
systems you’ll find that updates are no longer provided by the
vendor. You’ll need a security partner to provide you with those
patches.

And patching is probably the lowest-hanging fruit in the
security pipeline – but often patching doesn’t get done
consistently, even though it is highly effective and easy to
implement. Downtime and maintenance windows are a drawback for
patching and so are resource limitations.

The right tools for the job

Getting a regular patching cadence going would be the easiest
step to following the “SHIELDS UP!” guidance, even if patching is
tricky. The right tools can help: for some software components live
patching technology can make all the difference. Live, automated
patching tools remove the need to schedule downtime or maintenance
windows because patches are applied without disrupting live,
running workloads.

Automated patching – as provided by KernelCare Enterprise[4], for example – also
minimizes the time between patch availability and patch deployment
to something that’s almost instantaneous, reducing the risk window
to an absolute minimum.

It’s just one example of how the right cybersecurity toolset is
critical to successfully responding to the current heightened
threat landscape. CISA provided solid, actionable suggestions – but
successfully defending your organization requires the right tools –
and the right security partners.
