Weak Security Controls
Last week, multiple government agencies released a joint Cybersecurity Advisory to raise awareness about insufficient security configurations, weak controls, and other areas where cyber criminals easily gain access to company networks. This advisory lists out the best practices to protect your systems and goes into them in detail:
- Control access.
- Harden credentials.
- Establish centralized log management.
- Use antivirus.
- Employ detection tools.
- Operate services exposed on internet-accessible hosts with secure configurations.
- Keep software updated.
This advisory also details some of the most common ways that attackers are gaining access to internal networks and explains the mitigation efforts that can be taken to prevent such attacks:
- Exploit Public-Facing Applications
- External Remote Services
- Trusted Relationship
- Valid Accounts
It is essential that all organizations read or review this advisory and become familiar with the list of common exploit paths that attackers take to easily gain access to systems within the internal network. “As long as these security holes exist, malicious cyber actors will continue to exploit them,” said NSA Cybersecurity Director Rob Joyce. “We encourage everyone to mitigate these weaknesses by implementing the recommended best practices.” This advisory can be reviewed in detail here.
nGuard provides a wide variety of both tactical and strategic security assessments that can assist your organization in becoming more secure across the board. Tactical security assessments like external penetration testing, internal penetration testing, and social engineering can point out easily exploitable flaws that could lead an attacker to gaining some type of network access. Managed security services like vulnerability management and centralized log management provide ongoing protection as your network is being scanned for known vulnerabilities on an ongoing basis. Strategic security assessments give you one on one time with a qualified consultant who can help you build layers of security from the ground up. If you are reading this advisory and have any questions, nGuard is ready to talk with you and see where assistance is needed.