Jan 2024 – Consistent Advice

America’s Cybersecurity and Infrastructure Security Agency (CISA) put out an advisory in December 2023 (see https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a) detailing the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) of the ALPHV Blackcat ransomware as a service (RaaS). The advisory also provides useful incident response guidance and potential mitigations.

What stands out, though, are the summary actions listed as:

  • Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
  • Prioritize remediation of known exploited vulnerabilities.
  • Enable and enforce multifactor authentication with strong passwords.
  • Close unused ports and remove applications not deemed necessary for day-to-day operations.

Whilst the National Cyber Security Centre (NCSC) Cyber Essentials scheme does not mandate an inventory, it does state that asset management should be considered a core security function. In all other respects, the CISA summary actions are explicitly addressed by Cyber Essentials requirements. It’s good to see this consistent approach between leading cyber security agencies.

If you’re looking for a trusted cyber security partner, are based in the UK and interested in the NCSC’s Cyber Essentials scheme, or are based overseas and interested in the IASME Cyber Baseline scheme, please contact us.