b"NEWSWIREFive Urgent Cybersecurity Actions for ExecutivesI n todays highly connected and complexen to protect a company's most critical assets incritical infrastructure and serve as a close part-technology environment, it is increasinglycase of an intrusion, including disconnectingner, along with the rest of the Federal govern-challengingtocompletelypreventinci- high-impact parts of the network if necessary. ment, in ensuring the security and resilience of dents that may disrupt business operations. Ascompaniesoperations.Forfurtherinforma-the first signs of a major cyber-attack on U.S.CISA aims to lead the national effort to under- tion, contact them at central@cisa.dhs.gov or infrastructure may be detected by an individu- stand, manage, and reduce risk to Americasvisit their site Shields Up.al company, the Cybersecurity and Infrastruc-ture Security Agency (CISA) wants to reem-phasize the importance of collaboration to see and understand the threat. Theyve outlined five focus areas for every company:Empower Chief Information Security Of-ficers (CISO): Security improvements are of-ten weighed against cost and operational risks tothebusiness.CISOsshouldbeincluded in the decision-making process for risk to the company and to ensure that the entire organi-zation understands that security investments are a top priority in the immediate term.LowerReportingThresholds:Organiza-tions should have documented thresholds for reporting potential cyber incidents to manage-ment and the government. In the current level of threat, these thresholds should be lowered in order to help identify issues sooner and protect against further attacks. The expectation should be that any indications of malicious cyber ac-tivity,evenifblockedbysecuritycontrols, should be reported to CISA or the FBI. Participate in a Test of Response Plans: Cyber incident response plans should include not only your security and IT teams, but also senior business leadership and board members. Senior management should participate in a ta-bletop exercise to ensure familiarity with how your organization will manage a major cyber incident to not only your company, but also companies within your supply chain.Focus on Continuity: Investments in secu-rity and resilience should be focused on those systems supporting critical business functions. Such systems should be identified and conti-nuity tests should be conducted to ensure that critical business functions can remain available subsequent to a cyber intrusion.Plan for the Worst: Businesses should plan for a worst-case scenario. Senior management should ensure that exigent measures can be tak-39 MARCH 2022"