CISA: Every Organization in the US is at Risk From Cyber Threats

January 20, 2022 - “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety,” the Cybersecurity and Infrastructure Security Agency (CISA) warned in its latest CISA Insights report.

CISA published the report in response to recent Russian cyberattacks aimed at public and private entities in Ukraine. There have been reports of defaced Ukrainian government websites and destructive malware aimed at private entities that could result in disruptions to critical functions.

Specifically, CISA warned of NotPetya and WannaCry ransomware, both of which have been deployed in the past to cause significant harm to critical infrastructure.

Despite these actions, a rare instance of US-Russian collaboration occurred in mid-January when Russia’s FSB intelligence agency detained 14 people in connection with the REvil ransomware gang.

CISA’s report “is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.”

CISA echoed its previous sentiments by urging organizations to review its guidance on mitigating Russian state-sponsored cyber threats to critical infrastructure.

The agency recommended that organizations reduce the likelihood of cyber intrusions by validating that all remote access to an organization’s network requires multi-factor authentication. Organizations should also ensure that software is up-to-date and patched, in accordance with recently discovered exploitable vulnerabilities such as Log4j.

On January 18, CISA added 13 additional vulnerabilities to its Known Exploited Vulnerabilities Catalog.

In its insights report, CISA also urged organizations that use cloud services to ensure that IT personnel have implemented strong cloud security controls and that the IT team is prepared to detect any unusual network activity. Organizations should enable logging in order to detect and investigate suspicious activity.

“If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic,” the report continued.

Organizations should also designate a crisis-response team and conduct tabletop exercises to ensure that cyber incident response plans run smoothly.

CISA also emphasized the importance of testing backup procedures to ensure that critical data can be restored in the event of a cyberattack.

When faced with a cyberattack, many healthcare organizations have been forced to document clinical notes on pen and paper and divert ambulances. CISA data has shown that these disruptions can cause increased mortality rates.

At a recent WEDI Spotlight conference, Josh Corman, chief strategist of CISA’s COVID task force, urged the healthcare sector to face the harsh realities of healthcare cyberattacks.

“We have been so afraid to admit that cyberattacks and IT failures can impact patient care and patient safety, that if we continue to be in denial mode, we will go back to business as usual,” Corman emphasized during the conference.