In the context where CISOs along with their European and global teams are or might be experiencing cybersecurity effects of the conflict in Ukraine, Forrester recommended some cybersecurity steps that should be followed.

The National Cybersecurity Authority’s Advice Should Be Followed

You should follow the advice of your national cybersecurity authority, but if you do not benefit from this information, you can refer also to the sources mentioned below.

Through its Shields Up effort, a place where you can get the most recent information on the conflict’s current status, CISA has previously warned of growing attacks on key infrastructure and defense industrial bases.

Advice on this topic comes also from the National Cyber Security Centre (NCSC) in the UK. Other organizations, including the European Union Agency for Cybersecurity (ENISA), Germany’s Federal Office for Information Security (BSI), and France’s National Cybersecurity Agency (ANSSI), have issued warnings, and an EU cyber unit has been dispatched to assist Ukraine.

An urgent alert was issued by the Australian Cyber Security Centre too to provide guidance.

Get in Touch with Government Contacts

Make certain you have a reliable government contact in every country where you have a large operation who you can get in touch with, in case of an incident or if you need information on current updates.

For instance, InfraGard organizes information exchange with critical infrastructure suppliers in the United States. Examine the Critical National Infrastructure hub of the UK National Cyber Security Centre (NCSC) and its European counterparts for information. When speaking of EU-based organizations you should contact your local CSIRT or CERT. CSIRT comes from “computer security incident response team” and CERT comes from “computer emergency response team”. A thorough list of CSIRTs by country was provided on this link.

A ”Request for Intelligence” Should Be Initiated

This information should be provided as part of your contract or you can pay a supplementary fee to obtain it. Your vendor should provide you with a report on the target audience and it should also encompass information about your vertical industry as well as your operating locations, data about potentially dangerous threat actors and their methods along with the TTP procedures they employ.

Inform Your Senior Stakeholders in Advance

To avoid panic among your senior executives and board members and the potential wave of questions on cybersecurity concerns, you should inform them of the threat environment and risk before cybersecurity incidents reach the news. Your feasible brief should include data on the general external threat and situation as well as an overview of the general business impact and the consequence it might have on your company. This would be a great occasion too to provide them visibility on what strategy you’ve prepared to face immediate issues.

Work Along with Security Providers

Your company’s security providers should help you in creating a comprehensive cyber conflict and defense strategy.

Turnaround time and automation options for ruleset and patch updates should be confirmed with your product vendors and in the case of managed services, processes and communication channels should be clarified. Your vendors should keep you informed about the conflict in Ukraine.

Focus on Resilience Rather than Predicting the Future

Rather than trying to foresee what will happen next, focus on preparedness and enhancing your firm’s resilience.

Prevention Is the Best Approach

You can’t prepare for cyberattacks when they’re already taking place. If there are any changes you can make to processes or communication after a recent roundtable session, do so.

Following the implementation of the above-mentioned steps accordingly, Forrester also recommended other 4 steps to undertake:

Prepare for Misinformation or Disinformation

The information provided by your security staff is important so follow this to avoid misinformation or disinformation. Maintain your incident response plans and communication components close to hand.

Security, Privacy, and Reliability Should Be Ensured through Secure Communications Tools

You should take some measures if you want to safeguard your corporate communication against security issues like, for instance, eavesdropping, communications metadata exposure, data loss, or non-compliance. Everyday communications and out-of-band communications can be protected by using solutions like Element, KoolSpan, and Wickr, which are tools intended for encrypted messaging and calling that function properly in low-bandwidth environments.

Develop a Training Plan

You should collaborate with your provider in order to develop a training plan on response actions, forensic investigations, and evidence collection.

Make Patching a Priority

This is the proper moment to implement an efficient patch management strategy and update your devices, endpoints, and applications. Critical vulnerabilities should be prioritized, thus adopting a risk-based vulnerability management approach.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

What Is Patch Management? Definition, Importance, Key Steps, and Best Practices

Enterprise Patch Management: What It Is and Why You Need It

What Is Risk-Based Vulnerability Management?

Leave a Reply

Your email address will not be published. Required fields are marked *