CISA Revises List of Cybersecurity Bad Practices to Remove

The Cybersecurity and Infrastructure Security Agency (CISA) has modified its checklist of cybersecurity bad practices that need to be eliminated.

Cyber threat actors are often assumed to rely on highly sophisticated attacks to gain access to internal systems and sensitive records, yet in many cases sophisticated tactics, techniques, and procedures are not necessary. The Bad Practices Catalog was created in July 2021 to raise awareness of some of the most egregious cybersecurity failings that make attackers' work easy.

Numerous lists of cybersecurity best practices to follow have been published, and although it is important that those practices are implemented, it is essential that these bad practices are eliminated, particularly at organizations that support critical infrastructure or national critical functions (NCFs). These bad practices substantially increase the risk to the critical infrastructure relied upon for national security, economic stability, and the life, health, and safety of the public.

When the Bad Practices Catalog was first published, it contained two entries. First on the list is the continued use of software that has reached end-of-life and is no longer supported by the vendor. Without support, no further patches are released to fix vulnerabilities, which can be easily exploited by cyber actors to gain access to internal systems.

Second, and just as egregious, is the failure to change default credentials, or passwords that are known to have been exposed in data breaches or otherwise compromised.

The latest addition is the use of single-factor authentication for remote or administrative access to systems. Single-factor authentication is the use of a username and password alone to protect an account. Although this offers some level of protection, it is not enough to defeat the brute-force tactics of attackers. Any Internet-facing system should be protected with multi-factor authentication, which requires an additional authentication factor to be provided along with the password before access to the account or system is granted.
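The three catalog entries described above translate directly into checks a defender can run against an asset inventory. The following is an added example, not CISA's or any vendor's code: the `Asset` record, the inventory, the cut-off date and the tiny breached-hash set are all constructed for illustration.

```python
"""Audit an asset inventory for the three CISA Bad Practices Catalog entries."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional
import hashlib

# Constructed stand-in for a breached-credential feed: SHA-1 of a few known
# default passwords. Compare hashes, never store or log plaintext passwords.
KNOWN_BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest() for p in ("admin", "password", "123456")
}
AS_OF = date(2021, 8, 31)  # assumed audit date (constructed)


@dataclass
class Asset:
    name: str
    software: str
    end_of_support: Optional[date]   # None means the vendor still supports it
    internet_facing: bool
    remote_or_admin_access: bool
    mfa_enforced: bool
    password_sha1: str               # hash of the configured credential


def audit_asset(asset: Asset, as_of: date) -> List[str]:
    """Return the CISA bad practices this asset exhibits (empty list = clean)."""
    findings = []
    # Bad practice 1: end-of-life software no longer receives security patches.
    if asset.end_of_support is not None and asset.end_of_support < as_of:
        findings.append("end-of-life-software")
    # Bad practice 2: a default or known-breached credential is still in use.
    if asset.password_sha1.lower() in KNOWN_BREACHED_SHA1:
        findings.append("default-or-breached-credential")
    # Bad practice 3: single-factor authentication on remote or admin access.
    if asset.remote_or_admin_access and not asset.mfa_enforced:
        findings.append("single-factor-remote-or-admin-access")
    # CISA rates these practices as especially dangerous when Internet-facing.
    if findings and asset.internet_facing:
        findings.append("internet-facing")
    return findings


def audit_inventory(assets: List[Asset], as_of: date) -> dict:
    return {a.name: audit_asset(a, as_of) for a in assets}


SAMPLE_INVENTORY = [  # constructed sample data
    Asset("vpn-gw", "VPN appliance", date(2020, 6, 30), True, True, False,
          hashlib.sha1(b"admin").hexdigest()),
    Asset("hr-db", "database server", None, False, True, True,
          hashlib.sha1(b"long-random-unique-passphrase").hexdigest()),
]

if __name__ == "__main__":
    for name, issues in audit_inventory(SAMPLE_INVENTORY, AS_OF).items():
        print(name, issues or "ok")
```

Running the module prints each asset with its findings; a clean asset prints `ok`.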

One study conducted by Google, together with the University of California San Diego and New York University, showed that multi-factor authentication blocks 99% of bulk phishing attacks, 66% of targeted attacks, and 100% of automated bot attacks, and Microsoft Director of Identity Security Alex Weinert stated in a July 2019 blog post that multi-factor authentication prevents 99.9% of attacks on accounts.

CISA considers these practices exceptionally risky, particularly when they apply to applications and technologies that are accessible from the Internet. Although it is well known that these practices are unsafe, they remain widespread and routinely allow attackers to gain access to internal systems, steal sensitive files, and carry out ransomware attacks.