CERT-In issues Advisory for all industries to safeguard business operations against Cyber Security threats: Mandates log analytics and role-based access as default

The Indian Computer Emergency Response Team (“CERT-In”) has issued a high-severity Advisory titled “Essential Measures for Industry for Safeguarding Business Operations against Cyber Security Threats” for industries to safeguard business operations and sensitive data. The Advisory underscores the increasing frequency and sophistication of cyberattacks including ransomware, DDoS incidents, website defacements, data breaches and malware infections that threaten the confidentiality, integrity and availability of business systems and services.

Key Highlights:

Accordingly, the industries need to implement the following safeguarding measures:

  1. Strengthen Authentication & Access Control
    1. Enforce strong password policies with long, complex, and unique credentials for each service.
    2. Implement Multi-Factor Authentication (MFA) to secure accounts.
    3. Apply role-based access control (RBAC) to restrict employee permissions based on their responsibilities.
  2. Web Server & Infrastructure Protection
    1. Scan all web servers and infrastructure for open ports and known vulnerabilities.
    2. Remove or isolate unmaintained, old or unused web applications and systems.
    3. Deploy a web application firewall.
  3. Implement a robust Data Protection Plan
    1. Maintain regular offline backups to mitigate ransomware risks.
    2. Regularly test backup restoration procedures to ensure data recovery remains reliable.
  4. Develop an Incident Response Plan
    1. Establish a structured response plan to effectively address breaches and cyber incidents.
    2. Continuously analyse log files and network activity for failed login attempts and unexpected configuration changes.
  5. Conduct Employee Awareness and Training
    1. Conduct regular cybersecurity training to educate employees about phishing, social engineering, and best practices. Simulate phishing attack exercises to improve user awareness.
    2. Organise routine cyber drills to simulate attacks and response measures.
  6. Supply Chain Monitoring
    1. Establish continuous monitoring of vendor and supplier activities.
  7. Zero Trust Architecture
    1. Implement a zero trust security model where no entity, whether inside or outside the organisation, is trusted by default.
    2. Enforce strict identity verification and authorisation for every network activity, and monitor for failed login attempts, configuration changes, new device connections or other suspicious behaviour.
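The log-analytics measures above (continuous analysis of log files for failed login attempts and configuration changes) are stated as requirements, not as a method. The following script is an added illustration, not part of the CERT-In Advisory or of any CERT-In tooling: it reads syslog-style authentication log lines in the message shapes OpenSSH's sshd and sudo actually emit, and raises three kinds of alert: a burst of failed logins from one source inside a sliding time window, a successful login from a source that was just flagged (the higher-signal event an analyst wants first), and a privileged command that touches a file under /etc. The log lines in SAMPLE_LOG, the host name, user names, process ids and IP addresses are all constructed for the example, and the threshold and window values are assumptions to be tuned per environment.

```python
"""Log analytics for failed logins and configuration changes (added example).

Not CERT-In code. Parses syslog-style auth log lines (OpenSSH sshd and sudo
message formats) and reports:
  * failed_login_burst   - >= THRESHOLD failures from one IP within WINDOW seconds
  * success_after_burst  - an accepted login from an IP already flagged above
  * config_change        - a sudo command whose arguments reference /etc/
All sample lines below are constructed; the addresses are documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog timestamp as written by rsyslog/journald forwarders: "Mar 03 09:14:05".
SYSLOG_TS = r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2})"

# "Failed password for [invalid user] NAME from IP port N ssh2" is sshd's real wording.
FAILED_RE = re.compile(
    SYSLOG_TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    SYSLOG_TS + r" \S+ sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
# sudo's default log line: "sudo:  USER : TTY=... ; PWD=... ; USER=root ; COMMAND=..."
SUDO_RE = re.compile(SYSLOG_TS + r" \S+ sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")

# Constructed sample data: one password-guessing burst that ends in a successful
# login, two unrelated failures from another host, and two sudo commands.
SAMPLE_LOG = """\
Mar 03 09:14:01 web01 CRON[2210]: (root) CMD (run-parts /etc/cron.hourly)
Mar 03 09:14:05 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar 03 09:14:07 web01 sshd[2233]: Failed password for root from 203.0.113.45 port 51124 ssh2
Mar 03 09:14:09 web01 sshd[2235]: Failed password for root from 203.0.113.45 port 51126 ssh2
Mar 03 09:14:10 web01 sshd[2237]: Failed password for alice from 198.51.100.7 port 40210 ssh2
Mar 03 09:14:12 web01 sshd[2239]: Failed password for root from 203.0.113.45 port 51128 ssh2
Mar 03 09:14:15 web01 sshd[2241]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar 03 09:14:20 web01 sshd[2243]: Accepted password for root from 203.0.113.45 port 51132 ssh2
Mar 03 09:20:44 web01 sshd[2301]: Failed password for alice from 198.51.100.7 port 40212 ssh2
Mar 03 09:21:02 web01 sudo:    root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/vi /etc/ssh/sshd_config
Mar 03 09:21:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl status nginx
"""


def parse_ts(text):
    """Syslog timestamps carry no year; only differences between them matter here."""
    return datetime.strptime(text, "%b %d %H:%M:%S")


def analyse(lines, threshold=5, window_seconds=60):
    """Return the alerts raised over `lines`, in the order they were raised.

    `threshold` and `window_seconds` are assumed starting values, not advisory figures.
    """
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()                # ips already reported for a burst
    alerts = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts, ip = parse_ts(m["ts"]), m["ip"]
            q = failures[ip]
            q.append(ts)
            # Drop failures older than the window; q can never empty because ts itself stays.
            while ts - q[0] > timedelta(seconds=window_seconds):
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "failed_login_burst", "ip": ip, "count": len(q), "at": m["ts"]})
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            if m["ip"] in flagged:
                alerts.append({"type": "success_after_burst", "ip": m["ip"], "user": m["user"], "at": m["ts"]})
            continue
        m = SUDO_RE.match(line)
        if m and re.search(r"(?:^|\s)/etc/", m["cmd"]):
            alerts.append({"type": "config_change", "user": m["user"], "cmd": m["cmd"].strip(), "at": m["ts"]})
    return alerts


def analyse_sample():
    """Run the detector over the constructed sample log."""
    return analyse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in analyse_sample():
        print(alert)
```

Run as a script it prints three alerts: the burst from 203.0.113.45 (five failures in ten seconds), the accepted login from the same address five seconds later, and root editing /etc/ssh/sshd_config. The two failures from 198.51.100.7 are six minutes apart and never reach the threshold, and the CRON line mentioning /etc/cron.hourly is ignored because only sudo commands are treated as configuration activity. In production the same logic would run against a central log store rather than a string, and the window and threshold would be tuned to the organisation's own baseline; the structure of the detector does not change.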

All suspicious cyber activity must be reported to CERT-In at incident@cert-in.org.in. Logs should be preserved in accordance with CERT-In’s 28th April, 2022 Directive and submitted with the incident report.

Source: CERT-IN
