Preventing Cyber Shutdowns by Implementing CIS Controls

By: Brian Ventura

India’s Uttarakhand State Government Datacenter was attacked and infected with malware, shutting down core citizen services. An incident of this size can severely impact large communities! The IT team deliberately powered off systems, which took services offline but slowed and then stopped the spread of the infection. While this appears not to be a breach, governments, public, and private entities are increasingly facing these severe incidents, and the impacts can be devastating. Having a strong, confident information security program has become a requirement. The Center for Internet Security recently updated the CIS Critical Security Controls to v8.1, which focus on removing the most important cyber risks to the organization. In this case, properly implemented CIS Controls would have reduced and possibly avoided the incident. A glimmer of hope for the Uttarakhand government is the Chief Minister's promised focus on enhancing cybersecurity.

Comparing the published details around the incident with the CIS Control safeguards, we identify several CIS safeguards that would have prevented or at least detected the malware far earlier in the process, drastically reducing impact to the organization.

  • Controls #1 and #2 are foundational and by themselves may have thwarted this malware.
  • Control #1 identifies all systems that need controls (enterprise asset inventory).
  • Control #2 identifies all software on these systems, then enforces Application Control, allowing only authorized software to execute and blocking most malware!
  • Control #4 enforces secure configurations, which limit system access and exploitation.
  • Control #10 specifically focuses on malware defenses. Coupled with Control #2, most malware will not gain a foothold on the system: it is blocked and detected immediately.
  • Control #13 provides monitoring for intrusions at the network and host level, identifying additional concerns such as command and control or data exfiltration.
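To make the Control #1 and #2 safeguards concrete, here is an added example (not part of the original article and not a CIS-provided tool) that reconciles a constructed asset inventory against a discovery scan, and a constructed hash-based software allowlist against what an endpoint agent observed on each host. All host names, IP addresses, package names and hashes are constructed sample data, and the dictionary shapes are assumptions about how such inventories might be stored.

```python
"""Reconcile an enterprise asset inventory and a software allowlist.

Added example illustrating CIS Control 1 (enterprise asset inventory) and
Control 2 (software inventory and allowlisting). Every inventory below is
constructed sample data; the data shapes are assumptions, not a CIS format.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Software:
    name: str
    version: str
    sha256: str  # hash of the executable: allowlisting by hash beats matching on name


# Constructed: the authoritative asset inventory (Control 1, safeguard 1.1).
AUTHORIZED_ASSETS = {
    "srv-citizen-portal-01": "10.0.10.11",
    "srv-db-01": "10.0.10.21",
    "ws-admin-07": "10.0.20.7",
}

# Constructed: hosts observed on the network by a discovery scan.
DISCOVERED_HOSTS = {
    "srv-citizen-portal-01": "10.0.10.11",
    "srv-db-01": "10.0.10.21",
    "unknown-device": "10.0.20.99",
}

# Constructed: approved software keyed by executable hash (Control 2, safeguard 2.5).
ALLOWLIST = {
    "a1" * 32: Software("nginx", "1.24.0", "a1" * 32),
    "b2" * 32: Software("postgres", "15.4", "b2" * 32),
    "c3" * 32: Software("openssh-server", "9.3", "c3" * 32),
}

# Constructed: software reported per host by an endpoint agent (safeguard 2.1).
OBSERVED_SOFTWARE = {
    "srv-citizen-portal-01": [
        Software("nginx", "1.24.0", "a1" * 32),
        Software("svchost-update", "0.1", "d4" * 32),  # hash is not on the allowlist
    ],
    "srv-db-01": [Software("postgres", "15.4", "b2" * 32)],
}


def find_unknown_assets(authorized, discovered):
    """Safeguard 1.2: hosts seen on the network but absent from the inventory."""
    return sorted(host for host in discovered if host not in authorized)


def find_missing_assets(authorized, discovered):
    """Inventory entries no longer seen on the network (stale records or offline hosts)."""
    return sorted(host for host in authorized if host not in discovered)


def find_unauthorized_software(allowlist, observed):
    """Safeguards 2.3/2.5: per host, software whose hash is not on the allowlist."""
    findings = {}
    for host, packages in observed.items():
        unauthorized = [pkg for pkg in packages if pkg.sha256 not in allowlist]
        if unauthorized:
            findings[host] = unauthorized
    return findings


def execution_allowed(allowlist, sha256):
    """Default-deny decision an application-control agent makes at launch time."""
    return sha256 in allowlist


if __name__ == "__main__":
    print("Unknown assets:", find_unknown_assets(AUTHORIZED_ASSETS, DISCOVERED_HOSTS))
    print("Missing assets:", find_missing_assets(AUTHORIZED_ASSETS, DISCOVERED_HOSTS))
    for host, pkgs in find_unauthorized_software(ALLOWLIST, OBSERVED_SOFTWARE).items():
        for pkg in pkgs:
            print(f"{host}: unauthorized {pkg.name} {pkg.version} ({pkg.sha256[:12]}...)")
```

The two reconciliations are the recurring loop behind Controls #1 and #2: a device that is not in the inventory gets no controls, and software that is not on the allowlist is denied execution by default, which is what stops most commodity malware before Control #10's malware defenses ever need to detect it.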

Identifying the most important tools and controls to put in place can be challenging amid competing messages. Vendors tout products that solve all problems, or make the problem they solve sound like the most important one to solve. Compliance requires certain protections without definitively assuring security. High-level frameworks dictate what must be done at a high level, requiring translation into specific technologies and solutions. The CIS Controls are designed to address the most common and damaging attacks, today and in the future, with technical controls. These become a minimum security state and provide more than 90% protection against the most common and damaging attacks today (including malware, ransomware, web application hacking, insider and privileged misuse, and targeted intrusions). The SEC566 course dives into these preventive measures, equipping cybersecurity leaders with practical skills to implement these foundational controls and protect against such incidents.

- Connect with Brian Ventura, SANS Certified Instructor and Author of SEC566: Implementing and Auditing CIS Controls


Save the Date - Free Webcasts Coming Up!

Understanding the Risk Management Mandates in 2024 Cybersecurity Regulations

  • Tuesday, 12 November at 10am ET/3pm GMT
  • Join James Tarala for this webcast that is focused on the critical updates to the NIS2 directive and other cybersecurity regulations that will reshape compliance requirements in Europe. It will provide practical strategies for managing risk while ensuring alignment with the new mandates.
  • Register Here

Top Three CISO Strategic Issues

  • Thursday, November 14 at 1pm ET
  • CISOs and security leaders are under increased scrutiny and pressure, not only from internal leadership, but also from external requirements like the updated SEC rules and NIS2 changes in Europe. Frank Kim will cover this new regulatory landscape, how to best communicate with the board, and how to build your business case in response to technology shifts like GenAI.
  • Register Here

Understanding the 2024 Updates to the NIST Cybersecurity Framework (CSF)

  • Tuesday, November 10 at 10am ET
  • This presentation will focus on the advancements in the NIST CSF 2.0. As organizations worldwide have adopted the NIST CSF to prioritize essential cybersecurity safeguards and enhance communication with stakeholders, the release of version 2.0 calls for a governance update and refinement of existing strategies. James Tarala will offer a thorough examination and actionable strategies to facilitate your organization's transition to the updated framework.
  • Register Here


Claim Your Free Hour of SEC566

sans.org/sec566

Learn how an organization can defend its information by using a vetted cybersecurity control standard. Students will specifically learn how to implement, manage, and assess security control requirements defined by the Center for Internet Security's (CIS) Controls. Students will gain direct knowledge of the CIS Controls and the ecosystem of tools to implement CIS Controls across organizations' complex networks, including cloud assets.

Get access to a free hour-long demo of the course here.


Operational Cybersecurity Executive Triad

sans.org/cybersecurity-leadership/triads

An Operational Cybersecurity Executive will be able to grow and sharpen their cyber defense team, understand and implement critical security controls through a prioritized, risk-based approach, and mature a vulnerability management program by strategically prioritizing vulnerabilities. They can also align SOC efforts to enhance defensive capabilities, drive and communicate improvements, decrease the company's risk profile, and increase ROI on cybersecurity investments. Earn the triad coin by completing SEC566, LDR516, and LDR551. Learn more here.


Redha Alahmad

Cybersecurity Technical & Leadership | MSc | MBA | IEC62443 | CISSP | CCNA | GEVA | GSEC | GCCC | GMON | GRID | GSTRT | GSLC | GCLD | GIAC Advisory

3 weeks ago

Love this
