SHIELDS UP in bite sized chunks


Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come.

The Cybersecurity and Infrastructure Security Agency of the United States (CISA), provides advice to federal agencies regarding cybercrime prevention and response. It has been so successful that many commercial companies have adopted its guidance.

In February, CISA responded to the current situation by issuing an unusual “SHIELDS UP! ” warning and advisory. According to CISA, “Every organization–large and small–must be prepared to respond to disruptive cyber incidents. “

CISA’s announcement contained a variety of suggestions to assist individuals and organizations in reducing the chance of an attack succeeding and limiting damage in the event of the worst. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to ransomware in particular.

Breaking down the SHIELDS UP guidelines

There’s a lot of stuff there – over 20 instructions and recommendations in total. What can you do with so much? Digging into it though, many of the CISAs guidelines are really just basic security practices that everyone should be doing anyway. In the list of recommendations, the first two are about limiting user privileges and applying security patches – particularly those included in CISA’s list of known exploited vulnerabilities. Everyone should be doing that, right?

Next, CISA recommends a list of actions for any organization that does get attacked. These tips can be boiled down to identifying suspicious network activity quickly, installing antimalware software and maintaining detailed logs. This is sensible advice, but not groundbreaking.

And here’s the thing – these activities should already be in place in your organization. This “official” advice is not necessary and should not be used to mandate good practices. It also speaks volumes about the security of companies and organisations around the globe.

Implementing the guidelines in practice

Security posture becomes weak due to missing technical know-how, resources, and a lack of strategy. That this happens is understandable to a degree because even though technology is core to the functioning of organizations it remains true that delivering technology services is not the core purpose of most companies. Unless you’re in the tech sector, of course.

One way to address the current gaps in your practices is to rely on an external partner to help implement items that are beyond your capabilities or available resources… Some requirements can’t be met without the help of a partner. For example, if you need to update end-of-life systems you’ll find that updates are no longer provided by the vendor. To get those patches, you will need to have a partner in security.

And patching is probably the lowest-hanging fruit in the security pipeline – but often patching doesn’t get done consistently, even though it is highly effective and easy to implement. As well as resource limits, downtime and maintenance windows can be a problem with patching.

The right tools to do the job

Getting a regular patching cadence going would be the easiest step to following the “SHIELDS UP!” guidance, even if patching is tricky. For some components of software, live patching technology is a great tool. Live, automated patching tools remove the need to schedule downtime or maintenance windows because patches are applied without disrupting live, running workloads.

Automated patching – as provided by KernelCare Enterprise, for example – also minimizes the time between patch availability and patch deployment to something that’s almost instantaneous, reducing the risk window to an absolute minimum.

This is just one of many examples that the proper cybersecurity toolset can be crucial to effectively responding to today’s heightened threat environment. CISA provided solid, actionable suggestions – but successfully defending your organization requires the right tools – and the right security partners.

Rate author