As business IT continues to grow in complexity, with more and more hybrid environments combining on-premise and multi-cloud infrastructure, there is no doubt that securing applications, data and workloads will be an ongoing challenge for businesses of all sizes. Yet a focus on the basic principles of cybersecurity can go a long way toward protecting your company from most attacks. Penetration testers are the frontline witnesses to cyber threats, and they continue to see the same weaknesses and vulnerabilities within the enterprises they examine. Below is a list of recommendations to be aware of in the year ahead.
1. Privilege Separation. Admin and privileged accounts are the keys to the kingdom for any hacker. When malware is downloaded and installed using the privileged rights of a domain admin or network account, the malicious code can spread laterally throughout the network uninhibited. A survey conducted last year showed that 57 percent of organizations on average assign local admin rights to some portion of their normal users. Best security practice calls for the enforcement of least privilege, so that standard users are allocated only the privileges, rights and data access permissions essential for them to perform their intended job functions. It also means privileged accounts are used only for the administrative tasks that require these sought-after profiles. User-based tasks such as checking email and accessing the internet should be done from a separate standard user account.
2. Weak Passwords. The annual “Most Popular Passwords” list was released for 2018 and once again, the results are alarming. The most popular password was “123456”, followed by “password”. Many users also tend to reuse the same passwords repeatedly. But we can't just blame end users: the widespread use of default vendor passwords on network and IoT devices continues everywhere. With the advances in credential stuffing attack methodologies and tooling, vulnerable passwords are easy to discover.
3. Poor Patching Practices. It’s very simple: inadequate patch management leaves loopholes in your IT infrastructure, and loopholes lead to cyberattacks. Patching is the most important process your IT staff can perform to harden and secure your devices.
4. Keeping Up with Recommended Settings. The dynamic world of cybersecurity is continually evolving as current protocols and security tools are compromised and new ones are created. The use of deprecated protocols and ciphers such as TLS 1.0, DES and 3DES is not recommended today, as they are less secure than newer alternatives. Other common examples include the continued use of outdated wireless protocols, NetBIOS and SMB 1.0.
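As an added example (not code from the original article), the following Python audit flags the deprecated settings item 4 names in a configuration record and shows a weak configuration beside a corrected one. The key names and both sample configurations are constructed assumptions for this illustration, not any vendor's real format.

```python
# Added example: audit a configuration record for deprecated protocols
# and ciphers (TLS 1.0, DES/3DES, SMB 1.0, NetBIOS, old wireless security).
# Key names and sample configs are assumptions made for this illustration.

DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Substring markers; "DES" also catches "3DES" and "DES-CBC3-SHA".
WEAK_CIPHER_MARKERS = ("DES", "RC4", "NULL", "EXPORT")
WEAK_WIFI = {"WEP", "WPA", "WPA-TKIP"}


def audit_settings(config):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    tls = config.get("tls_min_version")
    if tls in DEPRECATED_TLS:
        findings.append(f"tls_min_version {tls} is deprecated; require TLS 1.2 or later")
    for suite in config.get("cipher_suites", []):
        if any(marker in suite.upper() for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"cipher suite {suite} uses a weak or deprecated algorithm")
    if config.get("smb1_enabled"):
        findings.append("SMB 1.0 is enabled; disable it and rely on SMB 2.x/3.x")
    if config.get("netbios_enabled"):
        findings.append("NetBIOS over TCP/IP is enabled; disable it where not required")
    if config.get("wifi_security") in WEAK_WIFI:
        findings.append(f"wireless security {config['wifi_security']} is outdated; use WPA2 or WPA3")
    return findings


# Constructed sample: the weak setting and its corrected counterpart.
WEAK_CONFIG = {
    "tls_min_version": "TLSv1.0",
    "cipher_suites": ["DES-CBC3-SHA", "ECDHE-RSA-AES256-GCM-SHA384"],
    "smb1_enabled": True,
    "netbios_enabled": True,
    "wifi_security": "WEP",
}
HARDENED_CONFIG = {
    "tls_min_version": "TLSv1.2",
    "cipher_suites": ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305"],
    "smb1_enabled": False,
    "netbios_enabled": False,
    "wifi_security": "WPA2",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit_settings(cfg))} finding(s)")
        for f in audit_settings(cfg):
            print("  -", f)
```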
5. Phishing. According to the Verizon 2018 Data Breach Investigations Report, 78 percent of users within an organization did not click a single phishing link during the entire year of 2017. That’s the good news. The bad news is that four percent will click on just about anything, and the remainder are susceptible to well-thought-out attacks. Phishing continues to be the primary delivery mechanism for malware. In many ways, email today is a battlefield that requires your attention every day, because it only takes a single click by one user on an embedded link or attachment to wreak havoc on your enterprise.
6. Improperly Configured Network Equipment. Today’s networks must be designed under the premise that threats will penetrate the network perimeter, which means your network must be segmented into multiple zones to limit the scope of a successful attack. This is done through proper configuration of your firewalls, routers and switches. Many enterprises fail to get the most out of the equipment they already have because their infrastructure devices are improperly configured.
7. BYOD and IoT. Every device on your network is a point of vulnerability, and this applies to IoT devices as well. The old adage that you can’t protect what you can’t see is especially true today with the proliferation of both BYOD and IoT devices within the enterprise. Full visibility is essential in order to know which devices reside on your network and the security status of each one.
8. Insecure Coding Practices. It is an app-driven world today. This means you have to protect your apps as well as your devices, because hackers are probing them, seeking system flaws and application weaknesses that can be exploited. Eliminating the most common security risks inherent in insecure software, as outlined in the OWASP Top 10 Web Application Security Risks, is essential to securing your application infrastructure.