Skip to content

New CISA Cybersecurity Guidelines for Companies

Posted by Trevagh Stankard on Tue, Jul 12th, 2022

CISA says Shields Up! The Cyber-war is here…

The Department of Homeland Security oversees the U.S. CISA (Cybersecurity and Infrastructure Security Agency). The CISA's core values are Collaboration, Innovation, Service, and Accountability; these values are central to the essential work needed to stem an onslaught of cybersecurity attacks. This collaboration involves cooperation on cybersecurity matters between the private sector and the government. The goal is to build and maintain secure critical infrastructures to protect citizens.

As cybersecurity threats rain down on the USA and across the globe, the CISA has created the Shields Up website that provides a series of threat alerts and guidelines to protect organizations.

A World of Critical Cyberthreats

The world is up against an unprecedented onslaught of cyber-attacks. World events, including the Covid-19 pandemic and the war on Ukraine, have emboldened cybercriminals. In a recent address, President Biden warned companies that operate critical infrastructures of impending Russian-sponsored attacks.

Biden stated:

“ my administration has issued renewed warnings that, based on evolving intelligence, Russia may be planning a cyberattack against us. And as I’ve said, the magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming.

This address comes on the heels of increasing cyberattacks: in 2021, an IDC report found that 37% of worldwide organizations were victims of ransomware; the FBI identified losses of over $43 billion due to Business Email Compromise between 2016 and 2021.

The CISA Shields Up initiative attempts to redress the balance by offering guidance on protecting against these attacks.

Shields Up!

The CISA lays out its vision for a cyber-secure infrastructure by declaring, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents." To help in this endeavor, the CISA Shields Up website offers a series of alerts, advisories, and best practices. In addition, Shields Up looks at a current and imminent threat profile and advises on how to protect against the cyber-threat. Some recent examples include:

Alert (AA22-131A): Protecting Against Cyber Threats to Managed Service Providers and their Customers

This alert identifies an increase in cyber-threats targeting managed service providers (MSPs) and their access to client networks in the USA, U.K., Australia, Canada, and New Zealand. The threats focus on ransomware infection and cyber-espionage, with CISA offering a series of best practices to mitigate the risks to MSPs and customers. Cyber-threat prevention measures include anti-phishing, internet-facing services protection, and password defense.


This advisory gives an overview of Russian-sponsored cyber threats to critical infrastructures. This advisory is a collaboration between the United States, Australia, New Zealand, and the United Kingdom. It involves work with industry bodies via the Joint Cyber Defense Collaborative, which brings the public and private sectors together to tackle cyber-threats.  The advisory focuses on four key defensive measures:

  1. Prioritize patching of known exploited vulnerabilities;
  2. Enforce multi-factor authentication (MFA);
  3. Monitor remote desktop protocol (RDP); and
  4. Provide end-user awareness and training

Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities

Another collaborative investigation involves the United States, Australia, Canada, New Zealand, and the United Kingdom. The research identifies the top cyber-threats to businesses. The resulting paper identifies the highest risk vulnerabilities to companies worldwide: this includes the Log4Shell vulnerability, several vulnerabilities in Microsoft Exchange Server, and Microsoft Office. Mitigations include:

  • Centralized patch systems.

  • Scanning and patching of internet-facing systems.
  • Continuous monitoring of the attack surface.

Round-up of defensive measures from Shields Up!

Shields Up works by bringing the collective knowledge of industry and government together to tackle the thorny issue of increasing cyber-attacks. This is a vital strategy in a troubled world where war has crossed the chasm from purely physical-attacks to cyber-attacks. While each attack may have a complex profile, specific security measures are strongly recommended by the Shields Up advisories:

Provide security awareness training

The CISA states, "Phishing is one of the top infection vectors for ransomware, and Russian state-sponsored APT actors have conducted successful spear-phishing campaigns to gain credentials of target networks." Therefore, employees need to know the tell-tale signs of phishing to prevent clicking on malicious links or downloading infected attachments. Success can be achieved by using behavior-driven security awareness training, allowing an organization to focus on specific poor security behaviors of an individual.

Enable Strong Spam Filters

CISA recommends using spam filters to prevent phishing emails from entering employee inboxes. These filters should use advanced and intelligent mechanisms, including machine learning, to be effective against emerging phishing threats.  

Update software

Cybercrime propagates through vulnerabilities in our I.T. systems. Therefore, organizations must keep software and firmware up to date and patch promptly: the CISA suggests a centralized patch management system to automate patching. CISA also suggests using vulnerability scanning to check across an expanded network of devices and apps.

The CISA holds a vulnerability catalog that security professionals can access to keep them aware of known security flaws.

Enforce MFA

CISA suggests enforcing the use of additional factors for authentication to apps. The agency also recommends good password hygiene measures such as not sharing or reusing passwords. Considering a Google survey that found 62% of people reuse passwords, this is wise advice.

Manage access

Access control is a key preventative measure against cybersecurity attacks. Advisories include applying the principle of least privilege to prevent unauthorized access to sensitive web servers and data.

Preparing for a cyber-incident is also covered by the CISA, which recommends that organizations:

Cyber-attacks are out of control, but the CISA provides a way to fight back. By using the CISA Shields Up website and keeping up to date with the best practice advice offered in the alerts and guidance, a company can protect itself from the onslaught of threats in a troubled world.

Sign up for a FREE Demo of SafeTitan to learn how the solution works to add an additional layer of defense against security attacks.

Book Free Demo

Related Articles

Never Miss a Blog Post

Sign-up for email updates...

Get Your 14 Day Free Trial

Talk to Our Email and DNS Security Team

Call us on US +1 813 304 2544

Contact Us