Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) warned of “a broad and significant cyber espionage campaign” on telecommunication infrastructure. CISA, along with the NSA and FBI, released guidance on steps telecommunications firms should take to secure and protect their networks immediately.
CISA recommends a "defense-in-depth" approach, which involves implementing multiple layers of security to protect critical systems. CISA's key recommendations for enhanced security align with our own, and include:
Asset Management and Inventory: Maintain a comprehensive inventory of all your operational environment's devices, software, and systems.
Vulnerability Assessment and Network Segmentation: Understand where your vulnerabilities are, and divide your network into smaller, isolated segments to limit the impact of a breach.
Security Hardening: Implement strong security controls, including firewalls, intrusion detection systems, and multi-factor authentication. Include ongoing patching and regular backups.
Proactive Monitoring and Threat Detection: Continuously monitor network traffic and system logs for suspicious activity. Include BGP monitoring to protect against outside threats.
Incident Response Planning: Develop a plan to effectively handle security incidents, including containment, eradication, and recovery procedures.
Next steps:
We encourage you and your team to review the CISA guidance document for detailed insights and recommendations.
Schedule a call with us to start implementing these recommendations or strengthening your network’s security.
Join our webinar “What the @#$% Just Happened?”, co-hosted with WTA and featuring Kristi Westbrock of CTC of MN, which will share specifics on how one ISP effectively handled a cyberattack.
留言