Things you should and shouldn’t be doing if you want to stay protected online. With recommendations from CISA’s Joint Cybersecurity Advisory.
In today’s heightened threat environment businesses must be more vigilant than ever. But how can someone stay vigilant when they don’t know where to begin with their security efforts? A good starting point would be to begin at the first access point – where hackers initially gain access to your systems. According to the Cybersecurity and Infrastructure Security Agency (CISA), “cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access to compromise a victim’s system.”
Attackers today are crafty, if they are wanting to access your system they will use any technique possible to hack into your system. That’s why a Cybersecurity Advisory was created. This Cybersecurity Advisory includes cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands and the United Kingdom. This joint advisory recently compiled a report of weak security practices that defenders should implement to keep their systems protected.
Ways Malicious Actors Can Gain Access:
- Exploit Public-Facing Application
- External Remote Services
- Phishing
- Trusted Relationship
- Valid Accounts
Cybersecurity Don’ts – You shouldn’t be doing these things if you want to protect your system.
CISA’s suggestions:
- Multifactor authentication is not enforced
- Incorrectly applied privileges or permissions and errors within access control lists
- Software is not up to date
- Use of vendor-supplied default configurations or default login usernames and passwords
- Remote services, such as VPNs, lack sufficient controls to prevent unauthorized access
- Strong password policies are not implemented
- Cloud services are unprotected
- Open ports and misconfigured services are exposed to the internet
- Failure to detect or block phishing attempts
- Poor endpoint detection and response
Cybersecurity Do’s – Best practices you should be implementing if you want to protect your business.
CISA’s suggestions:
- Control access
- Harden credentials
- Establish centralized log management
- Use Antivirus solutions
- Employ detection tools
- Operate services exposed on internet-accessible hosts with secure configurations
- Keep software updated
Heightened Cyber Environment
Wondering why businesses should be concerned about cyberattacks in 2022? Breaches and ransomware are more prevalent than ever. An IBM report states that the cost of a data breach in 2021 was $4.24 million. That is the highest average total cost in the 17-year history of the IBM data breach cost report. Not to mention Russia’s invasion of Ukraine causing concern around the world with threats of impact on organizations including malicious cyber activity against the US. CISA and the Department of Homeland Security issued warnings earlier this year that “every organization in the US is at risk from cyber threats.”
Read more Potential Threat of US Cyber Attack
This cybersecurity list should provide businesses with a starting point to know what items or responsibilities need to be handled immediately. If you need help implementing any of these practices you can trust CRI Advantage with all of your cybersecurity needs. At CRI Advantage, we provide cyber professionals that will help you identify and resolve threats so you can feel confident in your online security procedures and trust that your data is protected.
Getting started is easy. Simply book a consultation with us and we’ll review your business needs and help you identify potential cyber risks. In the meantime, download our 5 step checklist to minimize your cybersecurity risk.