FortiGate 60F: Cyber Security Best Practices Imperative!
Russia might undertake disruptive cyberattacks against companies in the United States, NATO member nations, and allies that support Ukraine, according to the White House and the US Cybersecurity and Infrastructure Security Agency (CISA).
Over the last month, Unit 42 has observed related cyberattacks in Ukraine. Because a growing body of evidence points to potentially damaging cyberattacks, we believe it is critical to urge all enterprises to review their cybersecurity policies and incident response plans as soon as feasible, and to improve their security posture.
The following are some tips that businesses may use right now to put defenses in place, as well as some long-term cyber hygiene best practices.
You should think about how to strike the right balance between your company’s demands and the threat of a cyberattack. It’s critical to keep your business running smoothly while simultaneously using security tools and procedures to boost your company’s alertness and resilience. This may help avoid retaliatory cyberattacks as well as any other attack activity that may be occurring.
Attacks by Phishers
Newsworthy events are often used as subjects and lures in phishing and spear-phishing assaults by threat actors. Prior to the start of military action in Ukraine, Unit 42 saw spear-phishing activities aimed at delivering malware to Ukrainian enterprises.
What You Can Do Right Now to Strengthen Your Defenses
1. Follow URL Filtering best practices.
Here are several examples:
a. Block all dangerous categories and alerts, as well as threat-adjacent categories, if possible.
b. Enable inline Advanced URL Filtering (or switch to it) for protection against “patient zero” malicious URLs.
c. Take advantage of the DNS Security subscription.
d. Use WildFire URL analysis, because contemporary attacks are multi-step.
2. Make sure to establish a profile and activate the signatures if you’re using Threat Prevention.
3. Enhance your anti-phishing protection.
a. Firewalls should have URL filtering enabled.
b. Microsoft Office macros should be disabled.
c. Employees should be trained to recognize fraudulent emails, messages, and bogus assistance websites.
d. Implement multi-factor authentication (MFA) and follow best practices for password security, such as CASMM, with an aim of reaching level 6-8.
e. Set up Credential Phishing Prevention on your firewall to prevent credentials from being used in places where they aren’t supposed to be.
f. When you don’t know the sender or the domain, don’t open, click, or execute questionable emails, files, links, or programs – particularly if you weren’t expecting to get the communication. It’s a good idea to stop and double-check that you’re on the right page before entering credentials. Pay special attention to odd MFA popups, and don’t click “accept MFA” if you don’t recognize a login attempt.
4. Make sure all of your software is up to date.
- Patch any internet-facing services as soon as possible. Attackers are opportunistic, and they’ll take advantage of any opening to gain access to your systems. It’s also critical to update carefully and consistently throughout the development lifecycle, i.e., test first in a separate development environment, so you can confirm that upgrades are free of sabotage and undesired behaviour. (Updates for the node-ipc package, for example, recently featured modules with unexpected behaviour designed to protest the Ukraine-Russia war.) Updates should only be downloaded from authorised websites. Reduce the risk of supply-chain attacks by doing a software audit and removing software that you no longer use or can’t trust.
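The point above about downloading updates only from authorised sources and auditing what you depend on can be enforced mechanically: pin every dependency to a version and a digest, and refuse to install anything that does not match. The following is an added example, not code from the article or from any vendor mentioned in it; the lock-file format, the package names and the artifact bytes are constructed for illustration (the pinned digest is simply the SHA-256 of the bytes b"abc").

```python
"""Hash-pinned update verification (added example, not from the article).

Parses a constructed lock file that pins each dependency to an exact
version and a SHA-256 digest of the approved artifact, reports entries
that are not hash-pinned, and refuses artifacts that do not match.
The lock-file format and package names are assumptions for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed lock file. The digest for example-lib is sha256(b"abc"),
# standing in for the digest published by the authorised source.
SAMPLE_LOCKFILE = """\
# name==version sha256=<hex digest of the approved artifact>
example-lib==1.2.0 sha256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
helper-tool==0.9.1
"""

LOCK_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>\S+)"
    r"(?:\s+sha256=(?P<sha256>[0-9a-f]{64}))?$"
)


@dataclass
class LockEntry:
    name: str
    version: str
    sha256: Optional[str]  # None when the entry is version-pinned only


def parse_lockfile(text: str) -> Dict[str, LockEntry]:
    """Parse lock-file text into a name -> LockEntry map; comments and blanks are skipped."""
    entries: Dict[str, LockEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LOCK_LINE.match(line)
        if match is None:
            raise ValueError(f"unparseable lock line: {line!r}")
        entries[match["name"]] = LockEntry(match["name"], match["version"], match["sha256"])
    return entries


def unpinned(entries: Dict[str, LockEntry]) -> List[str]:
    """Names of dependencies whose integrity cannot be checked (no digest pinned)."""
    return sorted(name for name, entry in entries.items() if entry.sha256 is None)


def verify_artifact(entries: Dict[str, LockEntry], name: str, version: str,
                    data: bytes) -> Tuple[bool, str]:
    """Decide whether a downloaded artifact may be installed.

    Fails closed: unknown packages, version drift and missing digests are
    all rejected, not just digest mismatches.
    """
    entry = entries.get(name)
    if entry is None:
        return False, f"{name}: not in lock file, refusing unknown dependency"
    if entry.version != version:
        return False, f"{name}: version {version} differs from pinned {entry.version}"
    if entry.sha256 is None:
        return False, f"{name}: no digest pinned, integrity cannot be verified"
    digest = hashlib.sha256(data).hexdigest()
    if digest != entry.sha256:
        return False, f"{name}: digest mismatch, artifact may have been tampered with"
    return True, f"{name}=={version}: digest matches lock file"


if __name__ == "__main__":
    entries = parse_lockfile(SAMPLE_LOCKFILE)
    print("not hash-pinned:", unpinned(entries))
    # Constructed artifacts: the approved bytes and a one-byte modification.
    for payload in (b"abc", b"abd"):
        print(verify_artifact(entries, "example-lib", "1.2.0", payload))
```

The check fails closed on purpose: a dependency that is in the lock file without a digest is reported by `unpinned()` and rejected by `verify_artifact()`, which is the audit step the text recommends, while a version bump that nobody reviewed (the node-ipc situation) is caught as version drift before any code from it runs.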
5. Update the agent version and content if you’re using Cortex XDR.
Also check our recent piece on Cortex XDR defenses against cyber activities between Russia and Ukraine.
6. On your network, limit and restrict user rights.
To minimize any possible damage, use least-privilege principles to limit access. Make sure that the network’s key systems are segmented. Assess rights for all human and non-human identities in cloud settings.
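Assessing rights for human and non-human identities in the cloud is easiest when the obvious over-grants are surfaced automatically. The following is an added example, not code from the article; it scans AWS-style IAM policy documents (the JSON layout is the assumption here) for Allow statements that grant wildcard actions or apply to every resource without a Condition. The identity names and policies are constructed for illustration.

```python
"""Least-privilege review of identity policies (added example, not from the article).

Scans AWS-style IAM policy documents for Allow statements that grant
wildcard actions or apply to every resource without a Condition, which
are the usual signs of over-privileged human and non-human identities.
The identity names and policies below are constructed for illustration.
"""
from typing import Any, Dict, List

# Constructed policies keyed by identity name (roles and users alike).
SAMPLE_POLICIES: Dict[str, Dict[str, Any]] = {
    "ci-deploy-role": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "report-reader": {
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
        },
    },
    "log-shipper": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
            {"Effect": "Deny", "Action": "*", "Resource": "*"},
        ],
    },
}


def _as_list(value: Any) -> List[Any]:
    """IAM allows a single string or a list in Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overprivileged(policy: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for the risky Allow statements in one policy."""
    findings: List[str] = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append(f"statement {index}: Action '*' allows every API call")
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                findings.append(f"statement {index}: service-wide wildcard actions {wide}")
        if "*" in resources and not stmt.get("Condition"):
            findings.append(f"statement {index}: Resource '*' with no Condition to scope it")
    return findings


def audit_identities(policies: Dict[str, Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each identity with at least one finding to its list of findings."""
    report: Dict[str, List[str]] = {}
    for identity, policy in policies.items():
        findings = find_overprivileged(policy)
        if findings:
            report[identity] = findings
    return report


if __name__ == "__main__":
    for identity, findings in audit_identities(SAMPLE_POLICIES).items():
        print(identity)
        for finding in findings:
            print("  -", finding)
```

Run against real policy exports, the `report-reader` shape (specific actions on specific ARNs) is what least privilege looks like, while `ci-deploy-role` and `log-shipper` are the identities to review first; a Deny statement is skipped because it can only remove access, never grant it.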
7. Examine your domain’s group policy settings.
Check for any questionable or outdated policies.
8. Now is the time to invest time and resources in backups.
Ransomware and wipers are on the increase, and they may encrypt your data even in the cloud. The only thing worse than having no backup is having a backup that fails. Set aside some time to practice recovering your backups. Consider encrypting backups, including cloud backups.
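Practicing a restore only proves something if the restored data is compared against what was backed up. The following is an added example, not code from the article: it records a SHA-256 manifest at backup time, restores into a fresh location, and reports every file that is missing or corrupt. All data is constructed in a temporary directory, and plain directory copies stand in for the real backup and restore jobs.

```python
"""Backup restore drill with integrity verification (added example, not from the article).

Builds a SHA-256 manifest of the source data at backup time, restores the
backup to a fresh location and checks every file against the manifest, so
a silently failing backup is caught during the drill rather than during an
incident. All data below is constructed in a temporary directory.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under root (POSIX separators)."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest: Dict[str, str], restored_root: Path) -> List[str]:
    """Return a problem list; an empty list means the restore is complete and intact."""
    problems: List[str] = []
    for rel, expected in manifest.items():
        target = restored_root / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
            continue
        actual = hashlib.sha256(target.read_bytes()).hexdigest()
        if actual != expected:
            problems.append(f"corrupt: {rel}")
    return problems


def run_drill(simulate_bad_backup: bool = False) -> List[str]:
    """Back up constructed data, restore it, and verify the result.

    With simulate_bad_backup=True the backup set is damaged on purpose
    (one file truncated, one deleted) to show what the check reports.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, backup, restored = base / "source", base / "backup", base / "restored"
        (source / "db").mkdir(parents=True)
        (source / "db" / "customers.sql").write_bytes(b"-- constructed sample dump\n")
        (source / "config.yml").write_bytes(b"retention_days: 30\n")

        manifest = build_manifest(source)          # recorded at backup time
        shutil.copytree(source, backup)            # stand-in for the real backup job

        if simulate_bad_backup:
            (backup / "config.yml").write_bytes(b"retention")   # truncated copy
            (backup / "db" / "customers.sql").unlink()          # never written

        shutil.copytree(backup, restored)          # the actual restore step
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print("clean drill problems:", run_drill())
    print("bad backup problems:", run_drill(simulate_bad_backup=True))
```

The manifest should be stored separately from the backup set itself (and, if backups are encrypted as the text suggests, kept where the restore team can still read it), otherwise a wiper that destroys the backup destroys the evidence needed to notice.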
9. Examine your business continuity and incident response strategy.
Do you have any scenarios that are damaging in nature? Is your command structure up to date?
10. Put retainers in place.
Have retainers agreed in advance for incident response, outside lawyers, and crisis communications teams, so you are not caught off guard if an event arises. Do you already have them? Check in with your retainer suppliers and let them know you’re on high alert.
Cyber Hygiene Best Practices for the Long Run
Here are some ideas for improving your cybersecurity posture and fortifying your defenses:
1. Small firms should migrate to cloud-based solutions. Protect websites with anti-DDoS protection and follow cybersecurity best practices in the cloud.
2. To secure your company, use a Zero Trust strategy.
3. Use a different laptop/smartphone for business and home use.
4. Pen-testing (red teaming) of your networks should be carried out on a regular basis.
5. Disaster contingency plans, such as those involving failover sites, restoring backups, dealing with personnel shortages, guaranteeing knowledge transfer, and so on, should all be put to the test.
6. Continue to update all software and keep track of the versions, fixes, and most recent updates.
7. Continue to educate employees on fundamental security procedures, and put them to the test using phishing emails.
8. Include source code security, data encryption, pen testing, and other security features from the outset for any new products or projects.
It’s Now or Never to Follow Cybersecurity Best Practices
This isn’t a time to panic, but it is a time to be on high alert and aware of genuine threats, which is precisely the time to evaluate security policies, practice contingency plans, and be aware of possible dangers to our businesses and sectors. The best we can do is prepare ourselves for what may occur, which we can do by practicing.