Russia’s invasion of Ukraine has resulted in the potential for both intended and unintended cyberattacks from Russia on the global community—especially given sanctions on Russia levied by the international community.
In response, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory titled Shields Up that advises “all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
If you read through the advisory, you’ll note that it’s heavily focused on cyber resilience and the need to be able to withstand or recover from a successful attack, specifically advising corporate leaders and CEOs to “focus on continuity” and “plan for the worst.”
Key steps outlined by CISA include:
- Reduce the likelihood of cyber intrusion
- Take steps to quickly detect a potential intrusion
- Ensure that the organization can respond if an intrusion occurs
- Maximize the organization’s resilience to a destructive cyber incident
Reviewing With Your Clients
If you haven’t yet, you should carve out time to sit down with your clients and review the advisory together. It offers an ideal opportunity to discuss the difference between cyber security and cyber resilience and any holes they may have in their cyber resilience layers. We have dozens of articles here at the Cyber Resilience Zone to help you with client discussions. Here are 10 that may be particularly helpful in light of the “Shields Up” advisory:
* What is Managed Detection and Response?
* How To Help SMBs Comply With NSA Advisory On DoH
* What is Threat Intelligence?
* What MSPs Should Look for in an EPP Solution
* Endpoints: The Gap in Your Backup Solution
* Beyond Policies: Making the Case for SAT
* No Weak Points: Why Your Clients Need a Layered Defense
* How Backup and Restore Power Resilience
* DRaaS: the Remedy for Ransomware
* Serving Up Resilience with Replication
Additionally, since talking through the full spectrum of cyber resilience can be intimidating for some clients, don’t overlook the ability to discuss a simplified approach to complex cyber resilience needs by working with the right single-source resilience provider
Getting Your Clients to Take Action
Those realities aside, here are some talking points that may help in some common scenarios:
- Clients who have been slowly building resilience layers may respond to prompts to complete the job. Think of messaging along the lines of “You’ve done an amazing job getting this far. With this advisory coming out, now may be the time that we take those last steps.”
- Clients that have focused on security but not continuity may be responsive to messaging along these lines: “Note that the advisory repeatedly warns to prepare for a successful attack. We’ve set you up with a lot of security that hopefully will keep you safe. But now is the time to make sure you can weather an attack if one gets through anyway.”
- As mentioned earlier, clients that are overwhelmed by the many facets of cyber resilience may respond well to the single-provider angle. Think of messaging along the lines of: “I understand that it’s daunting to think of all the angles. That’s why we recommend a single-provider solution that syncs up your security with your continuity. It makes for a simple, synchronized, fully-managed solution that’s more effective than a bunch of siloed apps that don’t talk to each other.”
- For clients that perpetually drag their feet on all things resilience, consider getting them to add at least one more layer of protection. That discussion may go something like this: “Threats are growing, and we haven’t taken steps to make you more resilient in some time. This advisory feels like a wake-up call that we need to do more to keep you safe. Let’s at least add [whatever you think the client most needs] so you’ve got a better chance of withstanding an attack.”
Every client is unique—we get that. And depending on your client’s complexity and assuming your cyber resilience provider partner is up to the task, don’t be bashful about getting sales and engineering assistance. For some clients, bringing a team to the table makes all the difference.