Cybersecurity is a vital aspect of any organization’s operations, especially in the digital age. However, many organizations make common mistakes that expose them to cyberattacks and compromise their data and systems. To help organizations improve their cybersecurity posture, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory that identifies the top 10 cybersecurity misconfigurations and provides recommendations on how to fix them.
The top 10 cybersecurity misconfigurations are:
- Using unsupported or end-of-life software: Software that the vendor no longer supports or updates receives no security patches, so any vulnerability found in it stays exploitable indefinitely. Organizations should keep an inventory of software and versions, upgrade to supported releases or migrate to supported alternatives, and isolate anything that cannot yet be replaced.
- Using weak or default passwords: Passwords that are easy to guess, reused across systems, or left at the vendor default let attackers log in rather than break in. Organizations should change every default credential before a system goes into production, enforce strong password policies, and require multi-factor authentication (MFA) wherever possible, preferring phishing-resistant methods such as hardware security keys.
- Storing sensitive data in unencrypted form: Data that is not encrypted can be read or modified by anyone who obtains the storage medium, a backup copy, or a position on the network path. Organizations should encrypt data at rest and in transit using current, well-vetted algorithms and protocols (for example AES and TLS 1.2 or later), and manage the keys separately from the data they protect.
- Not implementing network segmentation: Network segmentation divides a network into smaller zones with distinct access rules and security controls, so that a compromised workstation cannot reach servers, management interfaces, or operational technology directly. This limits lateral movement and the blast radius of a breach. Organizations should design segmentation around the principle of least privilege: permit only the flows that each user, device, and application actually needs, and deny everything else by default.
- Not backing up data: Backups are copies of data that can be restored after loss or corruption, whether caused by ransomware, hardware failure, natural disaster, or human error. Because ransomware operators routinely look for and destroy backups, at least one copy should be kept offline or immutable and out of reach of the credentials used on production systems. Organizations should back up data regularly and test restores, not just the backup jobs, to confirm that the copies are complete and usable.
- Not patching systems: Patching applies vendor updates that fix bugs and close security holes. Attackers routinely exploit vulnerabilities for which a fix already exists, so timely patching removes the easiest paths in. Organizations should patch promptly after updates are released, prioritizing internet-facing systems and vulnerabilities known to be exploited in the wild.
- Not using antivirus or anti-malware software: Antivirus or anti-malware software detects, blocks, and removes malicious programs such as viruses, worms, trojans, ransomware, spyware, and adware. Organizations should run it on all devices, keep its signatures and detection engines current, and forward its alerts to central monitoring so that an infection on one host is investigated rather than silently cleaned.
- Not disabling unnecessary services: Services are programs that run in the background to provide a function on a system, and every one that listens on the network is attack surface that must be patched and monitored. Organizations should inventory listening services, disable or uninstall those with no business need, and restrict the rest to the interfaces and networks that require them.
- Not monitoring network activity: Network activity is the traffic between devices and applications on a network. Monitoring it lets an organization spot anomalies such as port scans, unexpected connections between segments, or traffic to unknown external hosts, and respond before an intrusion spreads. Organizations should collect logs from firewalls, intrusion detection and prevention systems (IDS/IPS), and network analyzers into a security information and event management (SIEM) system, and define alerts for the patterns that matter to them.
- Not educating users: Users are a frequent target, since phishing emails and social engineering trick them into revealing credentials or running malicious software. Organizations should train users to recognize and report suspicious messages, to create and manage passwords safely, to avoid unknown links and attachments, and to use approved, secure communication channels, and should make reporting easy and blame-free so that early warnings reach the security team.
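The default-password item above is easy to audit without ever handling plaintext passwords. The following is an added example, not code from the advisory or the article: it re-derives a constructed list of vendor default passwords under each stored account's own salt and iteration count and compares the result in constant time, and it also flags accounts with no MFA enrolled. The account records, the default-password list, and the PBKDF2 parameters are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed list of vendor default / trivially guessable passwords (not from the advisory).
DEFAULT_PASSWORDS = ["admin", "password", "toor", "12345", "changeme"]


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256; salt and iteration count are stored alongside the hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(user: str, password: str, mfa_enrolled: bool, iterations: int = 100_000) -> dict:
    """Build a stored credential record the way a directory or application database would.
    (Iteration count kept low for the demo; production deployments should use more.)"""
    salt = secrets.token_bytes(16)
    return {
        "user": user,
        "salt": salt,
        "iterations": iterations,
        "hash": hash_password(password, salt, iterations),
        "mfa_enrolled": mfa_enrolled,
    }


def audit_accounts(records: list) -> list:
    """Return (user, finding) pairs: accounts still on a default password and accounts without MFA.

    The plaintext password is never needed: each default candidate is re-derived under the
    account's own salt and iteration count and compared in constant time.
    """
    findings = []
    for rec in records:
        for candidate in DEFAULT_PASSWORDS:
            derived = hash_password(candidate, rec["salt"], rec["iterations"])
            if hmac.compare_digest(derived, rec["hash"]):
                findings.append((rec["user"], f"uses default password {candidate!r}"))
                break
        if not rec["mfa_enrolled"]:
            findings.append((rec["user"], "no MFA enrolled"))
    return findings


# Constructed sample accounts (assumed data, not from any real system).
SAMPLE_ACCOUNTS = [
    make_record("admin", "admin", mfa_enrolled=False),            # vendor default, no MFA
    make_record("jdoe", "password", mfa_enrolled=True),            # default password, MFA at least enrolled
    make_record("svc_backup", "kX9#vL2$pQ8!mN4&zR7@", mfa_enrolled=True),
    make_record("ops", "Summer2024!", mfa_enrolled=False),         # not a default, but no MFA
]

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{user}: {finding}")
```

Running this against a real credential store means exporting the salted hashes to a controlled host and running the check there; the candidate list should be the defaults documented for the products actually deployed plus any passwords that appeared in previous incidents.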
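"Test the backups" in the backup item means more than checking that the job finished. As an added example (not code from the advisory or the article), the script below archives a constructed directory, records a SHA-256 digest for every file and for the archive itself in a manifest kept apart from the archive, then verifies the backup by actually reading every member back, and finally flips one byte in the archive to show the check catching corruption. Paths, file contents and the manifest layout are assumptions made for the example.

```python
import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(src: Path, archive: Path) -> dict:
    """Write src as a tar.gz and return a manifest: a digest per file plus a digest of the archive."""
    files = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(src.rglob("*")):
            if path.is_file():
                name = path.relative_to(src).as_posix()
                files[name] = sha256_file(path)
                tar.add(path, arcname=name)
    return {"files": files, "archive_sha256": sha256_file(archive)}


def verify_backup(archive: Path, manifest: dict) -> tuple:
    """Check the archive against the manifest; returns (ok, list_of_problems).

    Two layers: the whole-archive digest catches bit rot or tampering cheaply, and a
    member-by-member read proves every file the manifest promises can still be restored.
    """
    problems = []
    if sha256_file(archive) != manifest["archive_sha256"]:
        problems.append("archive digest mismatch (corrupted or tampered archive)")
        return False, problems
    seen = set()
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar.getmembers():
                if not member.isfile():
                    continue
                data = tar.extractfile(member).read()   # exercise the restore path, not just the header
                seen.add(member.name)
                expected = manifest["files"].get(member.name)
                if expected is None:
                    problems.append(f"unexpected file in archive: {member.name}")
                elif hashlib.sha256(data).hexdigest() != expected:
                    problems.append(f"content mismatch: {member.name}")
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc}")
    for missing in sorted(set(manifest["files"]) - seen):
        problems.append(f"missing from archive: {missing}")
    return not problems, problems


def run_demo() -> dict:
    """Back up a constructed directory, verify it, corrupt one byte, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_text("id,name\n1,alice\n2,bob\n")   # constructed sample data
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        archive = root / "backup.tar.gz"
        manifest = create_backup(src, archive)
        # Keep the manifest apart from the archive (ideally offline or immutable), so that an
        # attacker who can rewrite the backup cannot also rewrite the record of what it should hold.
        (root / "backup.manifest.json").write_text(json.dumps(manifest, indent=2))
        ok_before, _ = verify_backup(archive, manifest)
        raw = bytearray(archive.read_bytes())
        raw[len(raw) // 2] ^= 0xFF          # simulate bit rot or tampering: flip one byte
        archive.write_bytes(raw)
        ok_after, problems = verify_backup(archive, manifest)
    return {"files": len(manifest["files"]), "ok_before": ok_before,
            "ok_after": ok_after, "problems": problems}


if __name__ == "__main__":
    print(run_demo())
```

In practice the verification step should run on the restore target with a different credential than the backup writer, and a scheduled full restore into an isolated environment remains the only test that also covers the procedure and the people who will run it under pressure.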
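For the unnecessary-services item, the inventory step is the one most often skipped. The example below is added here and is not code from the advisory or the article: it parses output in the shape that `ss -Hlntp` prints on Linux (the sample is constructed, not captured from a real host), classifies each listener as loopback-only or network-exposed, and reports every exposed listener that is not on a per-host allowlist. The allowlist and the process names are assumptions for the example.

```python
import re

# Constructed output in the shape of `ss -Hlntp` (no header line):
# state, recv-q, send-q, local address:port, peer address:port, owning process.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=1201,fd=5))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1402,fd=6))
LISTEN 0      128          0.0.0.0:23        0.0.0.0:*    users:(("inetd",pid=600,fd=4))
LISTEN 0      50           0.0.0.0:445       0.0.0.0:*    users:(("smbd",pid=900,fd=30))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Services this host is allowed to expose to the network: (process name, port). Assumed policy.
ALLOWED_LISTENERS = {("sshd", 22), ("nginx", 80), ("nginx", 443)}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(ss_output: str) -> list:
    """Turn ss output into dicts; lines that do not match (e.g. UNIX sockets) are skipped."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        listeners.append({"addr": m["addr"], "port": int(m["port"]),
                          "process": m["proc"], "pid": int(m["pid"])})
    return listeners


def audit_listeners(ss_output: str) -> list:
    """Flag every network-reachable listener that is not on the host's allowlist.

    A service bound only to loopback is not reachable from the network, so it is reported
    separately rather than as a finding; everything else must be explicitly allowed.
    """
    findings = []
    for listener in parse_listeners(ss_output):
        exposed = listener["addr"] not in LOOPBACK
        if exposed and (listener["process"], listener["port"]) not in ALLOWED_LISTENERS:
            findings.append({**listener, "reason": "network-exposed listener not on allowlist"})
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{f['process']} (pid {f['pid']}) listening on {f['addr']}:{f['port']}: {f['reason']}")
```

On the sample, telnet via inetd on port 23 and SMB on 445 are reported while PostgreSQL on 127.0.0.1 is not; the remediation for a flagged service is to stop and disable its unit, uninstall it, or rebind it to loopback or a management interface, and then to re-run the audit from a scheduled job so regressions are caught.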
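The segmentation and monitoring items reinforce each other: a written segmentation policy is also the baseline that network monitoring can check traffic against. The following added example (not code from the advisory or the article) runs two detections over constructed firewall flow-log lines: allowed flows that contradict the zone-to-zone policy, which means the firewall rules are looser than the design, and one source probing many ports on one host, the classic scan signature. The zones, the policy table, the log format and the threshold are all assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Zones, most specific first; anything unmatched is treated as "internet". Assumed layout.
ZONES = [
    ("user_lan", ipaddress.ip_network("10.10.0.0/16")),
    ("servers", ipaddress.ip_network("10.20.0.0/16")),
    ("ot", ipaddress.ip_network("10.30.0.0/16")),
]

# Segmentation policy: which zone pairs may talk, and on which ports (None = any port).
# Anything not listed is forbidden, which is what least privilege means for network paths.
ALLOWED_PATHS = {
    ("user_lan", "servers"): {443, 445},
    ("user_lan", "internet"): {80, 443},
    ("servers", "servers"): None,
    ("servers", "ot"): {502},
}
SCAN_THRESHOLD = 8   # distinct destination ports from one source to one host

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+):(?P<port>\d+)$"
)


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES:
        if addr in net:
            return name
    return "internet"


def parse_flow(line: str):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": m["ts"], "action": m["action"], "src": m["src"],
            "dst": m["dst"], "port": int(m["port"])}


def analyze(lines) -> list:
    """Two detections over firewall flow logs.

    1. An ALLOWed flow whose zone pair or port is not in ALLOWED_PATHS: the firewall let
       through something the segmentation design forbids, so the rule base needs fixing.
    2. One source touching SCAN_THRESHOLD or more distinct ports on one host (allowed or
       denied): denied traffic still tells you someone is probing.
    """
    alerts = []
    ports_seen = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        ports_seen[(flow["src"], flow["dst"])].add(flow["port"])
        if flow["action"] == "ALLOW":
            path = (zone_of(flow["src"]), zone_of(flow["dst"]))
            allowed_ports = ALLOWED_PATHS.get(path, set())
            if allowed_ports is not None and flow["port"] not in allowed_ports:
                alerts.append({"kind": "segmentation_violation", "src": flow["src"],
                               "dst": flow["dst"], "port": flow["port"], "path": "->".join(path)})
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= SCAN_THRESHOLD:
            alerts.append({"kind": "port_scan", "src": src, "dst": dst, "ports": sorted(ports)})
    return alerts


# Constructed firewall log lines (not real traffic); TEST-NET address used for the internet host.
SAMPLE_LOG = [
    "2024-05-02T10:00:01 ALLOW 10.10.4.17 -> 10.20.1.5:443",
    "2024-05-02T10:00:02 ALLOW 10.10.4.17 -> 10.20.1.5:445",
    "2024-05-02T10:00:05 ALLOW 10.10.4.17 -> 10.30.0.9:502",     # user LAN reaching OT directly
    "2024-05-02T10:00:07 ALLOW 10.10.4.17 -> 10.20.1.5:22",      # admin port from a user subnet
    "2024-05-02T10:02:00 ALLOW 10.20.1.5 -> 10.20.1.6:5432",
    "2024-05-02T10:02:10 ALLOW 10.10.4.17 -> 203.0.113.10:443",
] + [f"2024-05-02T10:01:{i:02d} DENY 10.10.9.3 -> 10.20.1.5:{p}"
     for i, p in enumerate([21, 22, 23, 25, 80, 135, 139, 3389])]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The same policy table should be the source the firewall rules are generated from; when monitoring and enforcement share one definition, every segmentation alert is a concrete rule to fix rather than a judgement call.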
By avoiding these common cybersecurity misconfigurations, organizations can enhance their security posture and reduce their exposure to cyberattacks. The NSA and CISA advisory provides more details on each misconfiguration and offers guidance on how to remediate them.
We advise organizations to adopt a zero trust approach to cybersecurity: a model that grants no implicit trust to any user, device, or workload because of its network location, whether inside or outside the perimeter, and instead verifies identity, device health, and authorization for every request before granting access. A zero trust approach helps prevent unauthorized access, protects data, and improves visibility into who is accessing what.
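To make "verifies every request" concrete, here is an added example (not code from the advisory or the article) of a small policy engine that decides each request on a signed identity assertion, whether MFA was used, whether the device is known and compliant, and whether the subject's role permits the action, with the source IP playing no part; it is contrasted with a perimeter rule that trusts anything on the corporate network. The signing key, users, roles, device inventory, token format and the fixed clock are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import ipaddress
import json

# Everything below is constructed for the example: key, users, devices and policy.
ISSUER_KEY = b"demo-idp-signing-key-not-for-production"
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
USERS = {"alice": "engineer", "bob": "finance"}
ROLE_ACCESS = {"engineer": {"git": {"read", "write"}, "ci": {"read"}},
               "finance": {"erp": {"read", "write"}}}
DEVICES = {"LAP-0123": {"owner": "alice", "compliant": True},
           "LAP-0999": {"owner": "alice", "compliant": False}}
NOW = 1_700_000_000   # fixed clock so the example is deterministic


def issue_token(subject: str, mfa: bool, issued_at: int, ttl: int = 900) -> str:
    """HMAC-signed identity assertion, a stand-in for what an identity provider issues after login."""
    payload = {"sub": subject, "mfa": mfa, "iat": issued_at, "exp": issued_at + ttl}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: str, now: int):
    """Return the claims only if the signature is valid (constant-time check) and the token is unexpired."""
    body, sep, sig = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now:
        return None
    return claims


def perimeter_decision(req: dict) -> bool:
    """The model zero trust replaces: being inside the network is treated as being trusted."""
    return ipaddress.ip_address(req["src_ip"]) in CORP_NET


def zero_trust_decision(req: dict, now: int = NOW) -> tuple:
    """Verify identity, MFA, device posture and least privilege on every request; ignore source IP."""
    claims = verify_token(req["token"], now)
    if claims is None:
        return False, "invalid or expired identity token"
    if not claims["mfa"]:
        return False, "MFA required"
    device = DEVICES.get(req["device_id"])
    if device is None or device["owner"] != claims["sub"] or not device["compliant"]:
        return False, "device unknown, not owned by subject, or non-compliant"
    role = USERS.get(claims["sub"])
    permitted = ROLE_ACCESS.get(role, {}).get(req["resource"], set())
    if req["action"] not in permitted:
        return False, f"role {role!r} may not {req['action']} {req['resource']}"
    return True, "allowed"


def run_demo(now: int = NOW) -> list:
    strong = issue_token("alice", mfa=True, issued_at=now - 60)
    weak = issue_token("alice", mfa=False, issued_at=now - 60)
    forged = strong[:-1] + ("0" if strong[-1] != "0" else "1")   # tamper with the signature
    requests = [
        {"who": "office LAN, no MFA, non-compliant laptop", "token": weak, "device_id": "LAP-0999",
         "src_ip": "10.10.4.17", "resource": "git", "action": "write"},
        {"who": "remote, MFA, compliant laptop", "token": strong, "device_id": "LAP-0123",
         "src_ip": "203.0.113.5", "resource": "git", "action": "write"},
        {"who": "remote, MFA, resource outside role", "token": strong, "device_id": "LAP-0123",
         "src_ip": "203.0.113.5", "resource": "erp", "action": "read"},
        {"who": "office LAN, forged token", "token": forged, "device_id": "LAP-0123",
         "src_ip": "10.10.4.17", "resource": "git", "action": "read"},
    ]
    results = []
    for req in requests:
        allowed, reason = zero_trust_decision(req, now)
        results.append({"who": req["who"], "perimeter": perimeter_decision(req),
                        "zero_trust": allowed, "reason": reason})
    return results


if __name__ == "__main__":
    for r in run_demo():
        print(f"{r['who']}: perimeter={r['perimeter']} zero_trust={r['zero_trust']} ({r['reason']})")
```

The two models disagree on three of the four requests: the perimeter rule admits a password-only session on an unmanaged laptop and a forged token simply because they come from an internal address, and rejects a fully verified remote employee; the zero trust check does the opposite, and its denial reasons double as the audit log that gives the visibility the paragraph above mentions.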
The NSA and CISA advisory is part of a series of joint advisories that aim to provide actionable information on current cyber threats and mitigation strategies. The previous advisories covered topics such as ransomware, VPN vulnerabilities, cloud security, DNS tunneling, email compromise, web shell malware, Iranian cyber threats, Russian cyber threats, Chinese cyber threats, and North Korean cyber threats.