As the world watches Russia’s conflict with Ukraine, US services providers, like OneNeck, operating critical infrastructure are watching closely as cyberattacks could accompany any physical conflict. The FBI, CISA and the National Security Agency put out a joint advisory in January about potential cyberthreats against US critical infrastructure. CISA also warned US companies to protect their IT systems against destructive wiper malware, which has been used against targets in Ukraine.
At OneNeck, our security teams across the OneNeck/TDS organization are closely monitoring the events related to this conflict. As a telecommunications and service provider, we include ourselves as a key contributor to critical infrastructure, and have been evaluating all alerts from the CISA for the last several months, and we are constantly evaluating our security posture in alignment with those alerts.
Overall our core strategy is to stay disciplined and stay the course related to prior assessed risk reduction activities while increasing awareness and visibility to potential threats in this emerging area. We have a solid foundation of controls that are monitored in the environment and multiple additional controls in the procress of being implemented to further reduce risk, in alignment with the recommendations that CISA Shields Up states.
The following are some key activities that teams across our organization have been performing in preparation:
- Reviewing CISA advisories, briefings and checklists of protections to ensure recommended controls are in place and operating effectively.
- Implementing increased threat monitoring of potential suspicious activities.
- Reviewing security vendor advisories and verifying increased threat monitoring in security tools is activated.
- Increasing communications to our associates on heightened awareness
- Reviewing security risk mitigation objectives to determine if any priorities should shift.
Since traffic can easily come from anywhere in the world, it is incredibly important to have a full security program, and as CISA recommends, at a minimum…
- Update your operating system and software.
- Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments.
- If you use Remote Desktop Protocol (RDP), secure and monitor it.
- Make an offline backup of your data.
- Use multifactor authentication (MFA).
We’ve got your back.
We know these can be stressful times, so if you’d like to talk with one of OneNeck’s security experts regarding this situation and ensure your security defenses are sufficient to keep you safe, we are here to help.