Once again, a ransomware breach has threatened SMBs across the country. As most know by now, Kaseya, an IT solutions developer, has become the latest victim of a major software supply chain hack that has impacted more than 1,500 companies. To read the full release from the Cybersecurity & Infrastructure Security Agency (CISA), click here.
At AT-NET, we understand that breaches are always a possibility no matter how diligent you and your employees remain. In many breaches, such as this most recent Kaseya incident, it’s not even your organization’s fault that the breach happened, but it is your responsibility to have an Incident Response Plan in place to protect your data and keep your business running.
On the heels of the Colonial Pipeline breach, we put together a set of recommendations and mitigations from CISA to help guide you in protecting your business. You can find those mitigations here, but below are a couple of our key suggestions:
- Require multi-factor authentication for remote access to OT and IT networks.
- Enable strong spam filters to prevent phishing emails from reaching end users. Filter emails containing executable files from reaching end users.
- Implement a user training program and simulated attacks for spear phishing to discourage users from visiting malicious websites or opening malicious attachments, and reinforce the appropriate user responses to spear-phishing emails.
- Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
- Update software, including operating systems, applications, and firmware, on IT network assets in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program.
- Implement regular data backup procedures on both the IT and OT networks. Backup procedures should be conducted on a frequent basis, tested regularly, and stored separately.
If you are concerned about your organization’s ability to complete any of the above recommendations, or you would like help putting together an Incident Response Plan, please contact us here or give us a call at 866-708-0886.