This agency discusses the most common ways hackers can hack victims’ networks and offers tips to lower risk.
Cybersecurity and Infrastructure Security Agency has issued a news advisory that states that cybercriminals have taken advantage of users’ weak security configurations, weak controls and other bad cyber hygiene practices in order to gain access to victim’s systems. The agency also reviews the top 10 ways hackers breach networks and what companies can do to reduce the risk of potential attacks.
According to CISA’s research, hackers use the following methods to gain access to an organization’s network or systems.
- Multi Factor authentication (MFA) not being enforced
- Incorrectly applied privileges, permissions, and errors in access control lists
- Software is not up-to-date
- Use vendor-supplied default configurations, default login usernames, and passwords
- Remote services lack sufficient controls to prevent unauthorized entry
- It is not possible to implement strong password policies
- Cloud services are not protected
- Misconfigured and open ports are exposed to the internet
- Phishing attempts are difficult to spot or block
- Poor endpoint detection and response
This is one of the best lists I have seen. It lists the top reasons that organizations are vulnerable to cyberattacks. Chris Clements, Cerberus Sentinel’s vice president for solutions architecture, said, “This list is very good.” CISA’s recommendations can help organizations dramatically improve their cybersecurity and resilience to cyberattack. However, it can be hard to implement many of these items, especially if there isn’t a strong cybersecurity culture. An organization that doesn’t have a culture of cybersecurity can find it difficult to know where to start.
Many of these attacks are due to organizational or user errors, as you can see. It is important that cybercriminals are prevented from gaining access to the network or system in question by the administrator of the device.
Roger Grimes at KnowBe4 is a data-driven defense evangelist. He disagrees with the advisory and says that CISA does not highlight the most important areas users and enterprises should be aware of.
Grimes stated that “Unfortunately, as with most warnings of this nature, it doesn’t tell readers one big truth that they should know. It is that phishing or social engineering are between 50% and 90% of the problem.” It mentions social engineering and phishing almost in passing, as is the case with most warnings. None of the mitigations address fighting phishing and social engineering attacks. Although social engineering is the greatest threat, it is not mentioned in the mitigations.
Most Popular: https://www.techallabout.com/workers-is-a-challenge/
CISA’s tips for mitigating risk factors
CISA issued the top 10 attack vectors for cybercriminals. The agency also provided the following recommendations for anyone who might be under fire from hackers.
- Zero-trust security allows you to control access
- Implement MFA to implement credential hardening
- Establish centralized log management
- Antivirus programs should be used
- Use detection tools to search for vulnerabilities
- Maintain rigorous configuration management programs
- Start a program for software and patch management
Some of these tips are obvious to IT professionals, like using detection tools, antivirus software, and keeping your software up-to-date with patches. However, others may be more difficult to implement, particularly for small businesses. Clements also urged CISA to use a zero trust model. The advisory does not discuss how an organization might go about this, but only the benefits.
“Adopt a zero trust security model” is the first item on the mitigations list. Clements stated that zero trust can be a very effective method of network defense, but it can also be difficult to implement. This is especially true for organizations that have large environments, legacy dependencies or are limited in staff and budget. It is crucial for all organizations to have a culture of security that evaluates their risk and implements best practices quickly. This will help them to develop a long- and short-term defense strategy. Although a [security operations center] can be a great asset, not all organizations have the resources or staff to create and maintain their own.