We are aware of the recently disclosed vulnerabilities impacting Cisco ASA and Firepower Threat Defense (FTD) devices and are actively monitoring the situation.
DNS Firewall Subscribers
For members subscribed to our DNS Firewall service: please note there is no dependency on Cisco for this service, and there are no known issues with DNS Firewall at this time.
If You Suspect a Breach
- Cyber Insurance Claims: Notify your cyber insurance provider immediately for guidance and incident response. Members insured through our Cyber Insurance Program (delivered in partnership with Victor) should refer to their claims reporting information included with your policy package. Claims can also be reported on the Victor Response App.
Recommended Risk Management Actions
To support your local government’s cyber resilience, we recommend the following steps to help manage the risks associated with this vulnerability:
- Engage your IT service providers
- If you use a third-party IT provider, ask them to proactively review your system and security logs for unusual or unauthorized activity. Do not wait for them to contact you — take the initiative.
- Request a review of account and administrative activity for unusual changes, such as new administrator accounts, modified login settings, or logins from unexpected locations.
- If you rely on other managed service providers or external vendors, confirm they are aware of this issue and have implemented appropriate safeguards.
- Exercise caution with emails
- Be cautious with suspicious messages, particularly those containing links or requesting urgent action.
- If you receive a two-factor authentication (2FA) request you did not initiate, do not approve or click it. This may be a phishing attempt.
- Only click links or open attachments if you are confident in the sender and the context.
- Monitor trusted sources for updates
- Regularly review alerts and recommendations from trusted sources such as the Canadian Centre for Cyber Security.
- Reinforce good cyber hygiene practices
- Ensure critical systems are kept up to date with patches as they are released.
- Confirm that backup processes are functioning and that recent backups are available if needed.
- Remind staff to report suspicious emails or login prompts immediately.
- Verify your incident response plan is current so staff know who to contact if an incident occurs.
Stay Vigilant
Fraudulent attempts often spike during times of heightened cyber risk. Please remain vigilant and continue to practice good cyber risk management hygiene. You may notice an increase in phishing email activity — reinforce this reminder with your staff.
Our Eight Things to Enhance Your Resiliency Against Cyber Attacks publication outlines practical steps your local government can take on a day-to-day basis to proactively manage cyber risk and strengthen your defenses.
We encourage all members to remain proactive. By engaging your IT providers early, practicing good cyber hygiene, and reinforcing safe practices within your local government, you can significantly reduce the likelihood of a serious incident.
If you have any questions, please reach out to a member of your local government’s dedicated Insurance Solutions Team at AskUsAnything@miabc.org.