CISA Urges Critical Infrastructure to Be Alert for Holiday Threats

As Americans across the country get ready for turkey and travel this Thanksgiving, the Cybersecurity and Infrastructure Security Agency and the FBI issued a warning to all organizations, but especially critical infrastructure, about security threats they might face during the holiday season.

“Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways — big and small — to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” officials wrote in a statement.

While they have not identified any specific threats, officials noted this year’s trends show attackers have chosen holidays and weekends, such as Independence Day and Mother’s Day weekends, to launch serious ransomware campaigns. They urge organizations to examine their security posture and adopt best practices to manage their risk.

The recommendations include identifying IT security employees who would be available to work during weekends and holidays in the event a cyberattack occurs. They also advise implementing multifactor authentication for remote access and admin accounts; mandating strong passwords and ensuring they aren’t reused across multiple accounts; and ensuring potentially risky services such as Remote Desktop Protocol (RDP) are secure and monitored.

Officials also advise reviewing incident response and communication plans, and updating them if necessary, to reduce potential business impact if an incident occurs.

Read the full release for more details.