The federal government wants to prepare every American for a potential cyberattack. The Cybersecurity & Infrastructure Security Agency (CISA) was recently established to communicate threats with clarity and detail. Its “Shields Up” campaign provides resources, guidance and updates to organizations and individuals about the latest cyber activities, particularly those that relate to Russia and Ukraine.
CISA asserts that CEOs must focus on five urgent areas:
Empower Chief Information Security Officers (CISO)
Security improvements are often weighed against cost and operational risks. In this heightened threat environment, senior management should empower CISOs by including them in the decision-making process when it comes to company risk. It’s also critical that the entire organization understands that security investments are a top priority.
Note: According to Security magazine, 45% of American companies do not have a CISO on payroll. Of the 62% that do employ a CISO, only 4% list the position on their company leadership pages. 77% of the Fortune 500 do not indicate on their websites who is responsible for their security strategy.
Lower Reporting Thresholds
Every organization needs documented procedures for reporting potential cyber incidents to senior management and the U.S. government. More importantly, in this heightened threat environment, these thresholds should be significantly lower than normal. All malicious cyber activity (even if it’s blocked by security controls) should be reported to firstname.lastname@example.org. Lowering thresholds allows CISA to immediately identify an issue and help protect against further attack or victims.
Participate in a Test of Response Plans
Cyber incident response plans should include not only your security and IT teams, but also senior staff and Board members. A tabletop exercise is a valuable tool to ensure familiarity with how your organization will manage a major cyber incident. Also remember to factor in companies within your supply chain. If a vendor is hacked, how will that affect your operations?
Focus on Continuity
It’s imperative that security and resilience be at the forefront of support for critical business functions. Senior management needs to identify critical systems and conduct continuity tests to make sure business functions are up and running after a cyber intrusion. [Recovery Point wants you to add recovering from a cyberattack to your to-do list.]
Plan for the Worst (and Hope for the Best)
The U.S. government doesn’t possess current credible information on specific threats to the U.S. homeland, but businesses should plan for a worst-case scenario. Urgent measures need to be in place to protect an organization’s most critical assets in the event of a disruption, including disconnecting high-impact segments of the network, if needed.
CISA leads our national effort to understand, manage, and reduce risk to America’s critical infrastructure with the goal of ensuring the security and resilience of business operations. You can help this effort by reporting any anomalous cyber activity and/or cyber incidents 24/7 to email@example.com or by calling 888-282-0870.