The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights report, following a series of recent malicious cyber incidents in Ukraine.
The report strongly urges leaders and network defenders to remain alert of malicious activity and provides a list of actions that all organizations can take to reduce the likelihood and lower the impact of a cyberattack.
Keep reading to learn more about the latest risks, recommended best practices, and why HIPAA compliant email is a step in the right direction.
Why this matters
The CISA Insights report states that “every organization in the United States is at risk from cyber threats that can disrupt essential services and result in impacts to public safety.” These incidents have affected both large and small organizations across various sectors over the last year.
CISA specifically cites recent attacks on private and public entities in Ukraine, which included the identification of potentially destructive malware. The document emphasizes that this finding is particularly concerning, as “similar malware has been deployed in the past to cause widespread damage to critical infrastructure.”
Therefore, the goal of the report is to raise awareness of critical cyber risks and help organizations implement the right strategies to protect themselves.
What are the recommendations?
To reduce the chance of a cyber intrusion, CISA urges all organizations to immediately take the following measures.
- Verify that all remote network and privileged or administrative access requires multi-factor authentication
- Make sure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA
- Confirm that IT personnel have disabled all non-essential ports and protocols
- If using cloud services, ensure that controls are strengthened based on CISA guidelines
- Sign up for CISA’s free cyber hygiene services to minimize threat exposure
The report notes that organizations can take steps to quickly detect an attack by enabling logging to better investigate issues and protecting the entire network with antivirus or antimalware software. Those working with Ukrainian organizations are advised to stay especially vigilant about monitoring and isolating traffic.
Additionally, CISA lists ways that organizations can stay prepared to respond to a future intrusion and improve overall resilience. Best practices include designating a crisis response team, conducting a tabletop exercise, isolating data backups from network connections, and testing manual controls to prevent the disruption of critical operations.
Finally, CISA advises all cybersecurity and IT staff to review its guidance on Russian state-sponsored cyber threats in light of the latest incidents. The report also recommends that all organizations visit StopRansomware.gov, a web page with essential resources on how to defend against these rising attacks.
Step up your security with Paubox
When it comes to mitigating risks, evaluating your organization’s current systems and processes is a key piece of the puzzle. With email serving as a top threat vector for cybercrime, healthcare providers can take further measures to safeguard sensitive information by making stronger email security a top priority.
Designed to seamlessly integrate with your current email platform such as Google Workspace or Microsoft 365, Paubox Email Suite sends HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages directly in their inbox without having to navigate any separate passwords or portals.
Paubox Email Suite’s Plus and Premium plan levels also include advanced inbound email security tools for further protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy, while patented ExecProtect quickly intercepts display name spoofing attempts.