Practical Mitigations for Cyber Security


By Greg Johnson, CEO Webcheck Security



Recently, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) posted this notice: US think tank organizations were being targeted by advanced persistent threat (APT) actors. The resultant list of mitigations, though directly suggested to strengthen the affected orgs’ cyber posture, applies equally to most businesses. The mitigations, or controls as most would call them, are divided into three categories: Leaders, Users/Staff, and IT Staff/Cybersecurity Personnel.


Leaders

The first mitigation, and in fact the only one suggested for the Leaders category, was the implementation of a cyber awareness training program. Such a program is critical to stave off the onslaught of successful vishing and phishing attacks that fraudsters are perpetrating.


Minutes ago I was on a call with a large organization hit by a fraudster in an email and voice call scam. The bad actor had gained root access to the unsuspecting user’s machine, spanning a couple of hours. Finally the user realized he was being taken and notified IT, who immediately “pulled the plug” by disconnecting from all network sources and initiated a forensic investigation with our team.


Fortunately, no access to other servers was apparent and very little data of consequence was exfiltrated, but a few minutes more on the network and the results, including ransomware and other malware introduction, might have been disastrous. The moral here is to take CISA seriously – implement a training program!


Users/Staff

Next, CISA recommends the following six controls, which in my mind are foundational and should be in place in all organizations:


1) Log off remote connections when not in use.

2) Be vigilant against tailored spearphishing attacks targeting corporate and personal accounts (including both email and social media accounts).

3) Use different passwords for corporate and personal accounts.

4) Install antivirus software on personal devices to automatically scan and quarantine suspicious files.

5) Employ strong multi-factor authentication for personal accounts, if available.

6) Exercise caution when:

-Opening email attachments, even if the attachment is expected and the sender appears to be known. See Using Caution with Email Attachments.

-Using removable media (e.g., USB thumb drives, external drives, CDs).


IT Staff/Cybersecurity Personnel

Finally, these controls will help round out a more robust cyber security program, especially if documented in policy and put into practice:


-Segment and segregate networks and functions.

-Change the default username and password of applications and appliances.

-Employ strong multi-factor authentication for corporate accounts.

-Deploy antivirus software on organizational devices to automatically scan and quarantine suspicious files.