Global Cybersecurity Organizations Address Common Mistakes in Threat Mitigation
The Cybersecurity and Infrastructure Security Agency, together with similar allied authorities worldwide, has released a joint advisory that highlights five common mistakes committed by network defenders when responding to cyber threats.
The joint alert, titled “Technical Approaches to Uncovering and Remediating Malicious Activity,” emphasizes thinking long-term instead of resorting to impulsive actions.
Cybersecurity organizations worldwide specifically warned against mitigating affected systems early on since it could prompt cyber actors to change their tactics accordingly, Nextgov reported Tuesday.
Additionally, the advisory cautions network defenders against touching adversary infrastructure because doing so could inform adversaries that they have already been detected. Network defenders should also be careful about preemptively blocking adversary infrastructure, as they might lose visibility into their adversary’s activities, the advisory said.
Among other things, the alert emphasized the risks of preemptively resetting passwords and failing to preserve or collect critical log data, which the organizations said should be retained for a minimum of one year.
Other proactive measures, including segmenting networks, shutting down unused systems or services and implementing the least-privilege principle of access, were tackled in the advisory as well.
According to a press release by CISA Director Christopher Krebs, a past Potomac Officers Club event speaker and 2020 Wash100 winner, the joint alert is the first of its kind for CISA since the agency’s inception in 2018.
The unified approach, Krebs said, allows cybersecurity organizations worldwide to extend their defensive umbrella on a global scale.
The joint alert was crafted by CISA, along with the Australian Cyber Security Centre, New Zealand’s National Cyber Security Centre and Computer Emergency Response Team, Canada’s Communications Security Establishment and the National Cyber Security Centre from the U.K.