Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Security organisations highlight the top 10 cyber security misconfigurations

published on 2023-10-18 13:07:36 UTC by philviles
Content:

The NSA (National Security Agency) in conjunction with CISA (Cyber and Infrastructure Agency) have released an advisory to educate the wider public on their findings relating to the top ten cyber security misconfigurations.

The guidance aims to help organisations identify and remediate the potential security flaws in order to harden defences.

The below list detailing the top misconfigurations was compiled from the findings of both offensive and defensive assessments conducted by the NSA and CISA threat hunt and incident response teams.

  1. Default configurations of software and applications
  2. Improper separation of user/administrator privilege
  3. Insufficient internal network monitoring
  4. Lack of network segmentation
  5. Poor patch management
  6. Bypass of system access controls
  7. Weak or misconfigured multifactor authentication (MFA) methods
  8. Insufficient access control lists (ACLs) on network shares and services
  9. Poor credential hygiene
  10. Unrestricted code execution

By highlighting these misconfigurations, it equips organisations with the knowledge that the problems they face are not local to just their organisation.

It may also identify areas which are being overlooked and warrant prompt addressing due to their prevalence and pinpoint areas that could potentially be exploited by interested threat actors.

In the advisory, as well as highlighting potential areas for improvement, there are sections dedicated to providing mitigation advice.

To some, this information may appear routine or cliché. However, the advisory is evidence that organisations are not adequately addressing these problems and so it is encouraged that those in a position to implement technical changes review the advisory and consider the implementation of changes - where appropriate - or use the advisory to help strengthen their discussions regarding the threat that any existing problems pose.

Worried about your cyber security measures and unsure what to do? Contact us, we can help either directly, or act as an impartial broker for our Cyber Essentials Partners.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


Article: Security organisations highlight the top 10 cyber security misconfigurations - published about 1 year ago.

https://www.emcrc.co.uk/post/security-organisations-highlight-the-top-10-cyber-security-misconfigurations   
Published: 2023 10 18 13:07:36
Received: 2023 10 18 13:27:40
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor