Finding the Right Balance in Cyber Risk Management
Organizations face varying threats over time, necessitating a careful balance between the current risk level, the necessary defensive measures, the implications of those measures, and the overall risk to the organization.
At times, the cyber risks faced by an organization may increase significantly. Moving to a heightened alert state can:
- Assist in prioritizing essential cybersecurity tasks
- Provide a temporary enhancement to defensive capabilities
- Offer organizations the best opportunity to prevent a cyber attack during elevated threat levels and support rapid recovery if an attack occurs
This guidance details under what conditions the cyber threat landscape may shift, along with the responsive actions organizations can take during such periods of heightened risk.
Influential Factors in Cyber Risk for Organizations
An organization’s perception of its cyber risk may evolve when new information surfaces indicating a heightened threat. This could occur due to a temporary spike in adversary capabilities, such as the discovery of a zero-day vulnerability in a commonly used service that malicious actors are actively exploiting. Alternatively, it may relate to specific organizations, sectors, or nations due to factors like hacktivism or geopolitical instability.
These varied circumstances prompt organizations of all sizes to adopt strategies that enable them to respond effectively to such events. It’s rare for an organization to be able to influence the overall threat level, so the focus usually shifts to reducing its vulnerability to attacks and minimizing the impact of any successful attack. Even the best-prepared adversaries tend to exploit known vulnerabilities or misconfigurations, or to use credential attacks (such as password spraying, reuse of breached credentials, or authentication token reuse). Denying them these avenues is key to reducing your organization’s cyber risk.
Recommended Actions for Organizations
For organizations large and small, establishing and maintaining fundamental cybersecurity practices is essential to safeguard devices, networks, and systems. The following actions focus on ensuring that essential cybersecurity hygiene measures are implemented and operating correctly. This remains crucial in all scenarios, but is especially vital during periods of increased cyber threat.
While organizations may not be able to execute broad system modifications swiftly in response to a heightened threat, it is imperative that they prioritize the implementation of these critical actions.
Advanced Strategies for Enhanced Security
Large organizations should ensure that they undertake all the actions mentioned above, solidifying foundational security measures. For those utilizing the Cyber Assessment Framework to gain insights into cyber risk, it is important to note that the CAF provides guidance on all areas covered in the aforementioned actions. If your organization has deprioritized any areas of the CAF, it is advisable to reassess these decisions immediately in light of heightened threats.
Furthermore, organizations with sufficient resources should also contemplate the following actions:
- If your organization has strategies in place to progressively enhance cyber security, consider reviewing the possibility of accelerating the implementation of key mitigating measures, recognizing that this may necessitate a reprioritization of resources or investments.
- All technology services or systems carry inherent risks. Mature organizations typically make balanced, risk-informed decisions. During heightened threats, organizations should reassess key risk-based decisions and determine whether to continue tolerating those risks or to invest in remediation or accept a reduction in capabilities.
- Certain functions, such as extensive data exchanges with untrusted networks, may increase cyber risk. Large organizations should evaluate whether temporarily reducing such functionality is appropriate in order to minimize their exposure to threats.
- Large organizations often have systems to assess, test, and implement software patches at scale. In times of heightened threats, your organization may want to adopt a more aggressive approach to patching vulnerabilities, understanding that this could impact service delivery.
- During this period, larger organizations should contemplate postponing any significant system changes that are not related to security.
- If you possess an operational security team or Security Operations Center (SOC), consider arrangements for extended operational hours or create contingency plans to quickly scale up operations in the event of a cyber incident.
- If your systems can automate actions or notifications based on threat intelligence, consider sourcing threat feeds that may provide insights relevant to the heightened threat period.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened