1 min read

Update on Cybersecurity Concerns Related to Russia-Ukraine Conflict

Featured Image

Approximately two weeks ago we provided guidance for organizations concerned about cyber threats stemming from the Russia-Ukraine conflict. 

On Monday, 3/21, President Biden released a statement that suggested the threat level to US entities may have increased. Excerpt below (emphasis ours):

“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. 

Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.

Based on this new information, as well as our attendance on an open call with CISA and the FBI on Tuesday, 3/22, we advise all organizations to review the guidance provided by CISA via Shields Up | CISA and take any reasonable steps to address vulnerabilities of which you are aware. 

There are many recommendations from CISA, but a few are quite clear and consistent with guidance RoundTable has always provided:

  1. Enforce MFA on all critical systems
    • If this is not practical, prioritize MFA on remote access (VPN) accounts as well as administrative and other privileged accounts.
  2. If you have any Internet facing systems, prioritize remediation of any known vulnerabilities.
  3. CISA maintains a catalog of all known vulnerabilities commonly exploited by Russian and Russia-sympathizer cyber attackers. Search this catalog for any applications or hardware in your environment and remediate any discovered vulnerabilities as soon as you reasonably can. 

If you would like additional guidance or have questions, please contact us. We are happy to provide support and guidance and discuss your specific needs..

NY SHIELD Act Compliance Checklist for Nonprofits

The New York SHIELD Act (“SHIELD”), which went into effect in 2020, provides needed clarity around what constitutes reasonable data security. The use...

Read More

Protect Yourself from Fake QR Codes

With the pandemic also came a resurgence of QR codes. Once thought dead, at least in the United States, they are now more widespread than ever. From...

Read More

What is Pretexting? How to Avoid Being Victimized

Pretexting is a type of social engineering attack that is often used to gain access to confidential information. In a pretexting attack, the attacker...

Read More