How To Prevent Systems And Infrastructure Misconfigurations
Many cyber incidents occur due to systems and infrastructure being misconfigured. This is the most common incident access point after phishing and business email compromise (BEC).
On October 5, 2023, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (“the Advisory”) highlighting the most common cybersecurity misconfigurations in large organizations and detailing the tactics, techniques, and procedures (TTPs) threat actors use to exploit these misconfigurations.
The Advisory identifies 10 of the most common network misconfigurations; topping the list is “default configuration of software and applications.” This particular misconfiguration encompasses errors with privacy and security settings related to web beacons and trackers. Misconfigurations in this regard have resulted in significant action litigation and regulatory investigations impacting organizations in multiple industries such as healthcare, retail, sports/entertainment, and others. Claimants and regulators have alleged that default configurations were used with web beacons and session recorders such as Meta Pixel and Hotjar, which allowed data to be collected and shared in a manner that was inconsistent with the organization’s privacy notices and in violation of various privacy regulations.
The complete list of common network misconfigurations is as follows:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of system access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
NSA and CISA encourage network defenders, such as CISO’s, CIO’s, and Directors of Security, to implement the recommendations found within the Mitigations Section of the Advisory—including the following—to reduce the risk of threat actors exploiting the identified misconfigurations.
- Remove default credentials and harden configurations.
- Disable unused services and implement access controls.
- Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities.
- Reduce, restrict, audit, and monitor administrative accounts and privileges.
The Advisory also urges software manufacturers to take ownership of improving the security outcomes of their customers by embracing secure-by-design techniques, including default privacy and security tactics, mandatory MFA, eliminating passwords, and embedding security controls through the entire development lifecycle.
Get the full Joint Cybersecurity Advisory. Let’s Talk! Find out how EPIC Insurance Brokers & Consultants can help your business.
Principal, Executive Cyber & Risk Management