CISA Urges Critical Infrastructure to Be Alert for Holiday Threats
CISA and the FBI share steps organizations should take to better protect against security threats during holidays and weekends.
As Americans across the country get ready for turkey and travel this Thanksgiving, the Cybersecurity and Infrastructure Security Agency and the FBI issued a warning to all organizations, but especially critical infrastructure, about security threats they might face during the holiday season.
"Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways — big and small — to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure," officials wrote in a statement.
While they have not identified any specific threats, officials noted this year's trends show attackers have chosen holidays and weekends, such as Independence Day and Mother's Day weekends, to launch serious ransomware campaigns. They urge organizations to examine their security posture and adopt best practices to manage their risk.
The recommendations include identifying IT security employees who would be available to work during weekends and holidays in the event a cyberattack occurs. They also advise implementing multifactor authentication for remote access and admin accounts; mandating strong passwords and ensuring they aren't reused across multiple accounts; and ensuring potentially risky services such as Remote Desktop Protocol (RDP) are secure and monitored.
Officials also advise reviewing incident response and communication plans, and updating them if necessary, to reduce potential business impact if an incident occurs.
Read the full release for more details.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024