With the holidays upon us and many organizations reducing their staffing to allow for time off, WaterISAC reminds its members of important steps to take now as emphasized in recent advisories from the White House and CISA. As Deputy Assistant to the President and Deputy National Security Advisor Anne Neuberger highlighted when the White House advisory was released, breaches often occur around holidays when cyber threat actors know security operations centers are short-staffed.
As noted in last Thursday’s SRU, both the White House and CISA published advisories urging organizations, including critical infrastructure, to take immediate steps to protect themselves against malicious cyber activity given persistent and ongoing cyber threats and past experiences of threat actors executing attacks around holidays. Many of the recommendations are simple and can be executed with relatively little effort, such as changing passwords and implementing patches. For all the steps though, the effort expended is far less than what would likely need to be dedicated if a breach actually occurred. Some of the other steps include backing up data (and testing back ups), conducting spear phishing training and exercises to raise employee awareness, and immediately reporting cyber incidents and anomalous activity. The advisories point to CISA and FBI for reporting this activity. WaterISAC also encourages its members to report activity by emailing [email protected], calling 866-H2O-ISAC, or using the confidential online incident reporting form.