How to Prevent Weak and Exploited Security Controls | Digital Guardian

by Chris Brook on Wednesday May 18, 2022

A new cybersecurity alert is encouraging organizations to strengthen weak security controls commonly used by attackers to gain access to systems.

Unfortunately, there's no shortage of skilled cybercriminals these days; hackers who can throw everything but the kitchen sink at systems in order to get in.

What about the ones who don't have to?

Cybersecurity authorities in the U.S., along with those in the U.K., Canada, New Zealand, and the Netherlands, are reminding organizations this week to address weak security controls that can allow attackers to essentially waltz through an organization's backdoor, undetected.

By failing to strengthen security configurations from the get-go, or by leaving them poorly secured, organizations are doing attackers a favor, giving them an easy access point to use as a means to compromise, if not immediately, then to carry out reconnaissance and exploit at a later date.

In a report on Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) looked at ways attackers commonly gain access to networks, including through the exploitation of public-facing apps, external remote services, phishing, taking advantage of a trusted relationship, and abuse of existing, valid accounts.

It also flagged the following poor practices for enabling attackers:

  • Multifactor authentication (MFA) is not enforced
  • Incorrectly applied privileges or permissions and errors within access control lists
  • Software not up to date
  • Use of vendor-supplied default configurations or default login usernames and passwords
  • Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access
  • Strong password policies are not implemented
  • Cloud services are unprotected
  • Open ports and misconfigured services are exposed to the internet
  • Failure to detect or block phishing attempts
  • Poor endpoint detection and response

CISA has a handful of recommendations for admins to implement, if they haven't already, to address these issues. Many are focused on tightening access controls, including adopting a zero-trust security model, limiting who has access to what data, and making sure machines don't have any open RDP ports.

Other recommendations include hardening credentials (see MFA), establishing centralized log management, and employing antivirus to prevent malware, along with endpoint detection and response and an intrusion detection system to aid in visibility.

Organizations should also make sure there's a configuration management program in place, something that routinely verifies services and systems aren't exposed to the internet, along with a software and patch management program to keep things up to date.
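One way to automate the "routinely verifies services aren't exposed" check on a Linux host, as an added example that is not from the CISA alert or this article: it parses `ss -H -tln` output and flags listeners bound beyond loopback that are not on an approved list, with RDP (3389) rated higher. The sample output, the approved-port policy and the function names are assumptions made for the example, and a finding means "reachable off-host", which still has to be compared against firewall rules and an external scan.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128        0.0.0.0:22     0.0.0.0:*
LISTEN 0 4096     127.0.0.1:5432   0.0.0.0:*
LISTEN 0 128           [::]:3389      [::]:*
LISTEN 0 511              *:443          *:*
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
LISTEN 0 128          [::1]:631       [::]:*
"""

# Assumed policy for this example: ports approved to listen off-host.
APPROVED_PORTS = {443}
# RDP is the remote service the recommendations single out, so rate it higher.
HIGH_RISK_PORTS = {3389: "RDP"}


def is_loopback(addr: str) -> bool:
    """True if a local address printed by ss is loopback-only."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %scope
    if addr == "*":                           # wildcard: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def audit_listeners(ss_output: str, approved=APPROVED_PORTS):
    """Return sorted (severity, port, address) for unapproved off-host listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                          # skip headers and malformed lines
        addr, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if is_loopback(addr) or port in approved:
            continue
        severity = "high" if port in HIGH_RISK_PORTS else "review"
        findings.add((severity, port, addr))
    return sorted(findings)


if __name__ == "__main__":
    for severity, port, addr in audit_listeners(SAMPLE_SS_OUTPUT):
        label = HIGH_RISK_PORTS.get(port, "unapproved service")
        print(f"[{severity}] {addr}:{port} ({label}) is reachable off-host")
```

Run on a schedule against live `ss` output, the same function gives a configuration management program a diff of listeners that have drifted from the approved baseline.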

While many of these tips aren’t exactly new to defenders, especially those who work around the clock each day trying to remedy these issues, the list is still a good primer – and a checklist for some – when it comes to safeguarding systems.

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.