Cybersecurity and Infrastructure Security Agency (CISA) is a newly formed US federal agency working tirelessly to tackle cyber threats, and to develop secure and reliable infrastructure. CISA has warned all the industrial stakeholders in the country to be prepared and to take proactive measures against any malicious cyber activity. Organizations and service providers have been encouraged to have their SHIELDS UP to cyber threats and to take proactive measures to mitigate risk to their networks.
Guidelines Issued by CISA
CISA has set some guidelines necessary to be followed. These mitigation guidelines are briefly explained below:
It has been made mandatory for each organization to use multi-factor authentication on their systems. This will provide a shield to any phishing activity, making it harder for hackers to get access to information on their systems.
New technology comes with advanced security features. It is expected that software and applications being used are up to date. This not only minimizes any exploitation due to flaws in older versions, but also enables a strong defense against any attack.
Despite several security checks, there might still be a chance for malicious activities. Data encryption is the only solution. Companies should make it compulsory to encrypt their data, so that only employees with the correct encryption key can decrypt it.
Data is considered an asset now. There must be multiple data backups online as well as offline.
Organizations have been encouraged to invest in educating their employees about common cyberattack tactics used by attackers over email or through websites, and to report unusual behavior on their computers or phones. More than 90% of such activities start by clicking on an advertisement or opening an email.