In a statement from the White House, President Biden urged American businesses, especially in critical infrastructure, to “harden your cyber defenses immediately” based on “evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” The FBI reportedly followed with a warning to the energy sector of scanning from Russia-based IP addresses.
In recent months, US Government agencies have been preparing for a potential Russian attack with advice on enhancing cyber risk posture and resiliency; see the CISA/FBI/NSA alert “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”
But beyond suggesting patching for the most urgent vulnerabilities, government lists of recommended best practices can’t give specific guidance for an organization on prioritizing mitigations to meet threats from Russia vs. the other day-to-day demands of cybersecurity.
Cyber risk quantification based on FAIR™ (Factor Analysis of Information Risk) shows how to rank cybersecurity projects by their probable risk reduction and return on investment in financial terms.
Dig into the details with this Ukraine crisis reader of relevant posts from the RiskLens blog:
CISA Warning on Russia-sponsored Cyber Threats – How to Prioritize Your Response
Reporting to the Board on Emerging Threats in Cybersecurity
Cyber Risk Landscape Clarity: Putting Your Risk Ecosystem in Context with FAIR
Prepare for the Next SolarWinds-style Attack with a Risk Model (Webinar)
Jack Jones on Log4j: Take these Steps to Prepare for the Next Zero-Day Exploit (FAIR Institute)
Colonial Pipeline Ransomware – a FAIR Perspective (Webinar)
Take a first step toward prioritizing your cybersecurity defenses based on cyber risk quantification – Learn the top cyber risks in your industry with a free report from RiskLens.