The United States’ Cybersecurity and Infrastructure Security Agency (CISA) is urging every organization in the US to implement cybersecurity measures.
Insights issued Tuesday by the cyber defense agency warned that cyber-threats could disrupt essential services and potentially impact public safety.
“Over the past year, cyber-incidents have impacted many companies, non-profits and other organizations, large and small, across multiple sectors of the economy,” said CISA.
“Most recently, public and private entities in Ukraine have suffered a series of malicious cyber-incidents, including website defacement and private-sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions.”
The agency emphasized that past deployments of similar malware, such as NotPetya and WannaCry ransomware, had caused significant, widespread damage to critical infrastructure.
Organizations of all sizes were urged by CISA to “take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.”
Actions advised by the agency include ensuring that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication and ensuring that software is up to date.
Organizations should also confirm that all ports and protocols not essential for business purposes have been disabled and test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyber-attack.