The events unfolding overseas are unsettling on a number of fronts—including the first salvos, which took place in the data center, not on the battlefield. While there are currently no specific or credible cyber threats to organizations in the U.S., attacks on data centers hit close to home for all of us no matter where we are in the world.
The Cybersecurity & Infrastructure Security Agency (CISA) has just released guidance for all organizations to adopt a heightened cybersecurity posture in the face of mounting threats. Let’s unpack the guidance and recommendations so you can see exactly where you can bolster your efforts and where Pure can help.
4 Ways to Implement Guidance for Organizations
CISA’s four-point guidance for bolstering your defenses includes plenty of good reminders, reinforcing important steps every organization should take before, during, and after a threat:
- Reduce the likelihood of a damaging attack. I always tell organizations to make stealing your data as expensive as possible for hackers. This means being proactive with plenty of hurdles like multifactor authentication and admin credential vaulting. You should also be fine-tuning patch management programs, practicing excellent data hygiene, and conducting regular security awareness training.
- Ramp up threat detection and forensic capabilities. If an attacker is in your network, seconds count. It’s critical to maintain excellent security logging and analytics, a goldmine in helping you detect threats and connect the dots post-attack. Pure offers the fastest analytics processing available for this, especially when you’re using platforms like Splunk and Elastic.
- Be prepared if an intrusion occurs. Have a communications plan and emergency crisis response team with marching orders at the ready. The team could include legal counsel, forensics experts, IT, InfoSec, comms, and other key players. Do a dry run with everyone involved so no one is left guessing on the day of an incident. Be sure to engage external partners and have arrangements for help in place before an event arises.
- Increase resilience with better recovery speed. Restore times are perhaps the most important thing when it comes to resilience. Know your tolerance for downtime, create a regular cadence for testing backups, and have plans for getting mission-critical data back online, such as a bunkered backup architecture or staged recovery environment. Pure’s SafeMode™ snapshots are the industry gold standard here, and with our FlashArray™ and FlashBlade security platforms, organizations can restore data instantly when needed.
Considerations for Current Events
CISA advises paying attention to traffic from organizations in Ukraine or other countries potentially in conflict. I always recommend monitoring traffic from service providers and partners and having visibility into their access controls, but in this instance, it’s worth ramping up how you monitor, inspect, and isolate traffic on a more geo-specific basis.
5 Ways Leaders Can Take Action
Corporate leaders have an important role to play in getting their organizations dialed in with better security postures. All senior leaders, including CEOs, should do the following if they’re not already:
- Empower Chief Information Security Officers (CISOs). I believe it’s critical to have a great rapport with your CISO. They’ll be your best line of sight into what controls are in place and where there may be gaps. CISA echoes this, encouraging executives to give CISOs a seat at the table and empower them to make investments in and have a say in decisions pertaining to security and risk.
- When in doubt, report security events. Reporting is a key part of any incident response plan, but paying it forward with early reports may help other organizations, too. CISA notes, “We can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.” Reporting is another instance where security logs will come in handy, so pay close attention to how they’re stored and secured.
- Test your emergency response plans. I mentioned above the importance of a well-rounded crisis response plan and team. That team shouldn’t just include security and IT. It could include senior business leadership, investor relations, and members of the board, too. CISA recommends tabletop exercises to get familiar with everyone’s role in recovery. Consider how you’ll break the news. Anticipate the burning questions and don’t be misleading.
- Focus on business continuity. There are plenty of reasons to have an agile digital infrastructure, but security is a big one. CISA recommends prioritizing investments in security and resilience of critical business functions. You’re not going to get the speed you need from legacy backup appliances, that’s for sure.
- Plan for worst-case scenarios. Know your absolute worst-case scenario and what that blast radius looks like so you’re prepared and never caught by surprise.
How Pure Storage Helps Keep Your Data Safe—and Highly Available
Knowing the challenges you’ll face first and the immediate steps you can take after the early stages of an attack can help you minimize loss, cost, and risk. Your bottom line is minimizing the damage done and getting back online quickly after an attack—and Pure is here to help. For more information, check out my Cybersecurity Blog Series, as well as the Hacker’s Guide to Ransomware Mitigation and Recovery. And download 10 Questions to Ask Your CISO to get the conversation started.