International tensions: manage the implementation of cybersecurity measures in emergency situations

March 2022

Ever since the Russian military began invading Ukraine, we have been anticipating possible cyber attack campaigns both on the battlefield and in NATO member countries. Vigilance and anticipation are therefore essential for our private companies and public organizations. We must be prepared to deal with the consequences of a potential cyber war that may transcend Ukrainian borders.

Whether it be massive cyber attacks aimed at causing as many victims as possible or targeted attacks on essential and critical infrastructures (vital operators, energy companies, healthcare organizations, etc.), we need to redefine the cybersecurity priorities and measures to be put in place in case we must adapt as quickly as possible to a cyberwar context. Despite the high level of awareness of cyber-risks in companies, there is an urgent need to ensure that good IT hygiene rules are applied, with effective measures that contribute fully to a cyber-resilience strategy.

In this Cyberwar Context, what are the Priority Cybersecurity Measures?

To avoid the possible effects of the conflict, the French National Agency for the Security of Information Systems (ANSSI) has already recommended the implementation of 5 priority measures:

1. Strengthening authentication in IT systems

The ANSSI highly recommends establishing a strong authentication requiring at least two factors (Multifactor Authentication or MFA) to ensure that the person or machine wishing to access an account (applications, database, etc.) is who they claim to be. This measure becomes even more necessary in the case of users who have access to critical corporate resources (administrators, managers, executives).

2. Increasing safety oversight

Reinforcing the vigilance of supervisory teams is essential, by investigating anomalies that might be ignored under normal conditions. Specifically, in an Active Directory environment, unusual connections on domain controllers should be inspected.

3. Performing an offline backup of the most important data and applications

Regular backups of all data, including data on file servers and critical business application infrastructures, are required.

4. Making a critical digital services priority list

Organizations must have a clear vision of their IT systems and their criticality to prioritize security actions and react effectively in the event of an incident. Companies, in order to enable business continuity, must have an inventory of their digital services, including those that depend on service providers. This will allow them to quickly identify the most sensitive services.

5. Ensuring the existence of a crisis management system adapted to a cyber attack

The aim is for organizations to define a cyber attack response plan, together with a crisis management system – in the event of a crisis – to ensure business continuity and then a return to an operational state.

But how to implement these measures when you lack in-house cyber expertise?

Once these priority measures have been identified, they must be quickly implemented. The stakes are high, as there are not enough cybersecurity experts to meet companies’ current needs. We are talking about no less than 3.5 million job openings worldwide in 2021. In a market where demand is much greater than supply, short-term contracting becomes impossible. However, there is a solution that protects IT resources despite the lack of internal ones: Managed security services. These services are the only interesting outsourcing option to quickly manage corporate information security and have immediate access to a range of cybersecurity expertise. Managed security services allow companies to focus on their core business and be informed about the security service status of their IT systems.

With WALLIX, you can respond to emergencies while taking a global and long-term approach

WALLIX, with its PAM4ALL solution, enables you to implement priority cybersecurity measures through a managed service model. PAM4ALL is the unified privilege and access management solution that allows you to protect, control, and manage all access of your users (whether human or machine, such as IT administrators, employees, subcontractors, etc.). PAM4ALL consists of several modules that evolve with a company’s needs, challenges, and context. Regarding the ANSSI recommendations, PAM4ALL lays the foundations of a Zero-Trust architecture and enables compliance with 3 of the 5 priority measures thanks to:

• Multifactor Authentication or MFA, which neutralizes the risks associated with compromised credentials using a wide range of mechanisms (SMS, Tokens).
• Remote Access Management for suppliers, employees, or third-party maintainers by applying granular permissions for users who have access to a company’s sensitive digital services.
• Session Management, which increases security monitoring and controls “what, how and when” people, both internal and external, have access to the company’s strategic assets.
• Password Management, with the protection and rotation of passwords and keys, as well as the elimination of hard-coded passwords. PAM4ALL also allows the separation of workstations from accounts dedicated to the administration of company users (silos) and protects credentials and passwords with access to the Active Directory.
• Least Privilege Management, to remove local administrative rights from workstations in order to grant the right privileges to the right user at the right time, block lateral movements and stop the spread of malware.

By using PAM4ALL as a managed service, experts manage the administration and maintenance of your solution to protect access to your company’s assets (servers, applications, IoT systems, cloud-hosted resources, etc.). You will be able to face the current geopolitical context by relying on outsourced technologies and skills with complete peace of mind.

For more information, please contact our experts. They will be happy to assist you in this current emergency context.