4 Critical Cybersecurity Areas You Should be Focusing on Now
WALTHAM, Mass., April 19, 2022 /PRNewswire/ -- Aqueduct Technologies, Inc., New England's leading IT solutions provider -- As a result of international tensions that have arisen surrounding the Russia/Ukraine conflict, the Cybersecurity, and Infrastructure Security Agency (CISA) recently released the "Shields Up Advisory", recommending that organizations be on heightened alert.
What exactly does this mean? What actions should we take? Getting started down a path toward applying this information to your environment can feel overwhelming. Not to worry ? we can call upon one of our favorite industry terms: Actionable Intelligence.
We need to take the general advice being given and expand on it, so we can do something with it. The best place to begin when interpreting the advisory and your overall security posture is to start with the basics and build a plan.
Below is high-level guidance and resources on critical areas to consider:
Read the full blog for an expanded version of this list
1. Incident Response Handling Develop an Incident Response Plan. Both NIST and SANS have standardized frameworks, summarized below:
Preparation
Identification (Detection & Analysis)
Containment
Eradication
Recovery
Lessons Learned
Having an action plan will reduce your need to pivot during times of crisis, ensure your strategy is aligned to the highest cybersecurity standards, and significantly improve the availability and integrity of your data and services.
Incident response handling is time-consuming, requiring detailed operational analysis, full-time staff, and ongoing adjustments. Leveraging a Managed Detection and Response solution may be considered to reduce operational overhead and accelerate response times.
2. Authentication & Identity Management
Leverage MFA across the board
Audit AD accounts and MFA policies
Audit cloud service provider Identity and Access Management (IAM) ruleset
Implement network segmentation and containment controls with Cisco ISE
3. Network & Infrastructure Security Controls
Audit firewall ruleset
Align firewall ruleset with Next-Generation Firewall (NGFW) architecture
Align VPN topologies to modern cryptographic standards
Audit cloud workflows
Leverage SIEM and NetFlow logging and traffic monitoring
Block browser-based encrypted DNS services
Leverage SaaS tenant controls
Maintain up-to-date software versions across the organization
Conduct regular penetration testing
Conduct regular DR testing
Conduct regular backups and ensure tiered 3-2-1 backup hierarchy
Medical imaging IT and cybersecurity company Sectra (STO: SECT B) is publishing its Annual Report and Sustainability Report for the 2023/2024 fiscal year today. This report also includes the Corporate Governance Report for the same period.
The...
Jayden Scott, celebrated as a visionary among young business leaders, has successfully completed a multi-million dollar acquisition of the viral e-commerce brand CloudSharks, known for its innovative shoewear products.
At just 21 years old, the...
Bandai Namco Entertainment Inc.'s mobile app DRAGON BALL Z DOKKAN BATTLE?the exhilarating beat em' up battle game featuring events and characters from Dragon Ball, in over 170 countries?is celebrating its 9th Anniversary with exciting in-game and...
China and Kazakhstan have always supported each other and have always been partners in times of challenges, Chinese President Xi Jinping said in a signed article in the Kazakhstanskaya Pravda newspaper and Kazinform International News Agency on...
H.I.G. Capital ("H.I.G."), a leading global alternative investment firm with $64 billion of capital under management, is pleased to announce that an affiliate has signed a definitive agreement to acquire CGH Group S.A. ("CGH" or the "Company"), a...