Russia-Ukraine Crisis Cybersecurity Resources

What you need to know and do following the White House's call to act


The White House has issued a cybersecurity warning, stating that the ongoing Russia-Ukraine conflict presents a “critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.” Here's your guide to making sure your organization is covered.

Take action now

Patch and harden your environment

The internet is quickly becoming the fifth domain of warfare worldwide. We're seeing this in real time as the President releases intelligence-driven warnings around cyberattacks. See the President's latest announcement.

The way that we do IT and security must fundamentally shift.
Start with these steps to harden your environment against potential cyberattacks.

1

Reduce the likelihood of attack

In addition to validating all remote access to networks and adopting MFA, make sure software is up-to-date, especially known exploited vulnerabilities.

2

Tighten up your incident response plan

Put your crisis-response team on notice and identify key points of contact, individual roles, availability to prep for a potential incident.

3

Stay on high alert

Make sure ITOps and SecOps are focused on identifying unexpected or unusual network behavior. Monitor and test your systems to make sure critical functions and data are protected in the event of a breach.

Build your cyber resilience

The latest developments in the Russia-Ukraine crisis shine extra light on the fact that organizations must strengthen their cyber defenses.

IT and security shoulder the immense task of protecting personal and corporate data, employee productivity, the company's reputation, and much more. Now is a critical time to act with appropriate tools and resources.

Getting started

You greatly reduce the likelihood of attack by keeping your systems and software updated. Prioritize patching known exploited vulnerabilities, especially those CVEs identified in this Cybersecurity Alert, and then critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.

See CISA's full list of known vulnerabilities

Automation is the best tool to proactively stay ahead of attacks. Most organizations take an average of 102 days to patch systems, but it's become an industry best practice to patch within 24 hours of patch release to keep your organization protected.

Get tips on how to fix vulnerabilities fast with automation

Purple teaming is a way for your organization's offensive and defensive security teams (the red and blue teams, respectively) to work together and learn from each other. This exercise can help you build resilience and enhance your ability to stop an attack even when some of your tooling fails to detect or respond to malicious activity.

Learn how to run a purple-teaming exercise to identify security gaps

Get more cybersecurity insights

BLOG

Biden's Urgent Call for Heightened Cybersecurity

President Biden states leaders must prioritize IT and security within their organizations to protect against potential cyberattacks.

LEARN MORE

BLOG

CISA Issues "Shields Up" Guidance for All Organizations

CISA is urging companies to take these measures to reduce exposure and minimize damaging attacks from state-sponsored actors.

LEARN MORE

BLOG

How to Improve Cyber Resilience

These five factors should top your list of items to consider as you work to improve your organization's cyber resilience.

LEARN MORE