War is one of humanity’s oldest and most merciless, dehumanizing, and abhorrent acts. In the modern age, war is also now publicly documented, with a constant, unmoderated stream of updates on social media taking us right to the place events are unfolding, throwing into stark relief the individual and personal impacts of war as it happens. We are seeing this now with the war on Ukraine. Perhaps this shared experience will make the world reflect on the impact and implications of war—and will give nations and their leaders pause in the future. I hope for peace, for the safety of the Ukrainian people, and for the continuation of a free and independent Ukraine.
Another lesson of the war between Russia and Ukraine is that the parameters of the battlefield have evolved tremendously in the last 20 years. Wars are fought on battlefields and oceans and in the skies above us. Increasingly, they are also fought on the network, as combatants seek to weaken their enemies by compromising systems, data, and critical infrastructure.
Earlier this week the Cybersecurity & Infrastructure Security Agency (CISA), in conjunction with the FBI issued a new Shields Up warning based on the Russia/Ukraine conflict, advising organizations to adopt a heightened security posture and prepare for the likelihood of an attack.
With its Shields Up warning, CISA provides concrete guidance about where organizations should focus their efforts at this moment of crisis. The warning also offers clear, straightforward, and actionable recommendations for corporate leaders and executives around how they can best support security teams and prepare their organizations for a worst-case scenario. This includes ensuring visibility and support for CISOs and SecOps teams, lowering reporting thresholds for threat activity, and testing plans and capabilities around incident response and business continuity.
As a CEO, I hope corporate and organizational leaders take this guidance to heart and implement it, to the greatest extent possible, for the duration of this heightened alert period and in the future. As leaders, it is essential that we trust the people we hired, and to empower them to succeed in the role for which they were hired. Now is the time to reinvigorate a critical relationship between our cyber defense teams and the rest of the businesses. What CISA is asking on behalf of every CISO and every security practitioner is this: Cybersecurity is essential to your business, and we have reached a moment when it is at incredibly high risk. Give your security teams your full support by resourcing them, and then let them do what they do best—defend your systems, your data, and your organization.
To help leaders like you establish that communication, I’d like to offer some lessons I’ve learned throughout my career, and some advice that I’ve taken to heart on my leadership journey.
As you start a discussion with your security and technical teams, also keep in mind that systems integrators, managed services providers, channel partners, and technology vendors have expertise and services that can help organizations scale up defenses during times of high alert, and help assess organizational readiness to defend against advanced threats.
At ExtraHop, we are standing by to help our customers with any concerns or questions. At this critical moment for so many organizations, we are dedicating resources to ensure that organizations get the support they need to effectively defend their networks from attack. To learn more about how we can help assess your security posture (including identifying devices still vulnerable to Log4Shell), contact us at firstname.lastname@example.org. We also have new recommendations for how to implement and mature CISAs Shields Up guidance for organizations.
CISA’s Shields Up warning and associated guidance is a reminder that we are united in a common mission: To defend our organizations, our customers, our employees, and our data, against advanced attacks. That mission is more important now than ever, and you have our full support.
This post is also available in: English