10 Security Basics for 2023


Let's face it, change is tough. Despite an increasing number of security incidents over the past decade, the basics are still where organizations should focus in 2023. Here are 10 security best practices that organizations should consider for the coming year:

1. Implement multi-factor authentication (MFA) across all systems.

Yes, we must keep reminding people how crucial it is to implement MFA. It's likely that you've implemented MFA on some systems, but not all. Therefore, it's important to evaluate whether MFA is enabled on all user-accessible systems, as credential compromise continues to be one of the leading tactics used in most security incidents.

Expel further highlights the need to go beyond traditional MFA and implement phishing-resistant MFA: "MFA and conditional access were configured for more than 80% of the successful compromises, but the attacker successfully tricked the legitimate user to satisfy the MFA request."

2. Patch externally facing exploitable vulnerabilities.

According to the Orca 2022 State of the Cloud Report, "78% of identified attack paths use known vulnerabilities (CVEs) as an initial attack vector." Late in 2021, the Cybersecurity and Infrastructure Security Agency (CISA) published the CISA Known Exploited Vulnerabilities (KEV) list, which is publicly available for anyone to use and has quickly expanded to include over 800 known vulnerabilities. This is a great place to start prioritizing externally facing vulnerabilities. Nucleus Security created a guide on CISA KEV enrichment, which outlines how CISA KEV and other vulnerability feeds can be used for prioritization.

3. Migrate off on-premise Microsoft Exchange Server.

The past few years have been particularly brutal for customers running Microsoft Exchange Server. As Wired reports, "Endless vulnerabilities. Widespread hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange." If you are still using on-premise Exchange, it seems likely that you are not going to migrate off Microsoft products. Therefore, the best bet is to migrate to Microsoft 365/Exchange Online. Another alternative is to move to Google Suite.

4. Stop using Remote Desktop Protocol (RDP) over the internet.

According to Censys, over four million hosts have RDP port 3389 open to the internet. RDP is still one of the most common ways attackers gain initial access to an environment, thanks to organizations that are unaware of the risks associated with exposing it. Just take a quick look at the long list of MITRE's RDP Procedure Examples for motivation to stop using RDP over the internet.

5. Implement least-privilege access.

It is often forgotten that organizations frequently over-provision user access, resulting in unnecessary risk to the organization when a user's credentials are compromised or when there is an insider threat. I recommend applying least-privilege access to your high-risk applications and pruning unnecessary access. Okta has created a good guideline on how to implement least-privilege access.

I've also been thinking about ways to better audit access using SAML logs as part of the hoodwink project I created over the holidays that identifies how many active users access an application.
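The access review described in this item, as an added example that is not the author's hoodwink code: it parses a constructed IdP SAML sign-in log (the field names `ts`, `user`, `app`, `result` are this example's own, not any vendor's schema), compares it with a constructed assignment list, and reports assigned users with no successful sign-in inside the review window as pruning candidates.

```python
import json
from datetime import date, timedelta

# Constructed IdP SAML sign-in log (one JSON object per line) and constructed app
# assignments; the field names are this example's own, not any vendor's schema.
SAML_LOG = """
{"ts": "2023-01-03", "user": "alice", "app": "payroll", "result": "SUCCESS"}
{"ts": "2022-12-20", "user": "bob", "app": "payroll", "result": "SUCCESS"}
{"ts": "2022-08-01", "user": "carol", "app": "payroll", "result": "SUCCESS"}
{"ts": "2023-01-04", "user": "dave", "app": "payroll", "result": "FAILURE"}
{"ts": "2023-01-02", "user": "alice", "app": "crm", "result": "SUCCESS"}
{"ts": "2023-01-05", "user": "frank", "app": "crm", "result": "SUCCESS"}
"""
ASSIGNED = {"payroll": {"alice", "bob", "carol", "dave", "erin"}, "crm": {"alice", "bob"}}

def parse_log(text):
    """Yield (app, user, date) for successful assertions only; failed attempts are not usage."""
    for line in text.strip().splitlines():
        rec = json.loads(line)
        if rec["result"] == "SUCCESS":
            yield rec["app"], rec["user"], date.fromisoformat(rec["ts"])

def access_review(log_text, assigned, today_iso, window_days=90):
    """Per app: count active users in the window and list assigned users with no recent use."""
    cutoff = date.fromisoformat(today_iso) - timedelta(days=window_days)
    last_seen = {}
    for app, user, when in parse_log(log_text):
        key = (app, user)
        if when > last_seen.get(key, date.min):
            last_seen[key] = when          # keep the most recent successful sign-in
    report = {}
    for app, users in assigned.items():
        active = {u for u in users if last_seen.get((app, u), date.min) >= cutoff}
        # users seen in the log but missing from the assignment export: inventory drift
        unassigned_use = {u for (a, u) in last_seen if a == app and u not in users}
        report[app] = {"assigned": len(users), "active": len(active),
                       "prune_candidates": sorted(users - active),
                       "unassigned_users": sorted(unassigned_use)}
    return report
```

A user whose only entries are failures (dave above) lands on the prune list, since failed assertions are not evidence that the access is needed.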

6. Patch vulnerable Log4j systems.

Okay... yes, this is a reminder of #2 to patch exploitable systems, but people really need a reminder to get vulnerability management under control. According to Tenable Research, 72% of organizations remain vulnerable to the "nightmare" Log4j vulnerability. Considering this vulnerability is highly exploitable, this is a real-world demonstration of the challenges associated with patching vulnerable software packages that are used extensively across an enterprise.

7. Deprecate Windows XP/Windows 7 in your environment.

According to Statcounter, more than 10% of Windows hosts are still running Windows XP or Windows 7. It's really time to upgrade your applications and systems so that you can patch the latest security vulnerabilities.

8. Identify asset criticality and ownership to help prioritize risk.

You can't protect what you don't know, and having visibility into the criticality of assets and who is responsible for them is key to a strong security program. Evaluate where you currently have asset information across your environment and leverage that metadata to assign business criticality and ownership. This will help you better prioritize risk.

Scott Kuffer, COO of Nucleus, outlines how to identify asset criticality and ownership using metadata from your existing security tools.
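The prioritization that items 2 and 8 describe, combined in one added example (not the author's, Nucleus's or CISA's code): scanner findings are enriched against a constructed KEV excerpt that reuses the field names of CISA's `known_exploited_vulnerabilities.json` (the CVE IDs are placeholders, not real entries), then weighted by constructed criticality, exposure and ownership metadata so each owner gets an ordered worklist.

```python
from datetime import date

# All inputs below are constructed for this example. KEV mimics the field names of
# CISA's known_exploited_vulnerabilities.json; the CVE IDs are placeholders.
KEV = {"vulnerabilities": [
    {"cveID": "CVE-2099-0001", "dueDate": "2023-01-31", "requiredAction": "Apply vendor updates."},
    {"cveID": "CVE-2099-0002", "dueDate": "2022-11-17", "requiredAction": "Apply vendor updates."},
]}
ASSETS = {  # criticality and owner as exported from existing tooling metadata
    "web-01":   {"criticality": "high",   "owner": "ecommerce-team", "external": True},
    "build-07": {"criticality": "medium", "owner": "platform-team",  "external": False},
    "mail-02":  {"criticality": "high",   "owner": "it-ops",         "external": True},
}
FINDINGS = [  # scanner output: (asset, CVE, CVSS base score)
    ("web-01", "CVE-2099-0001", 7.5),
    ("build-07", "CVE-2099-0001", 7.5),
    ("mail-02", "CVE-2099-0003", 9.8),  # high CVSS but not in KEV
    ("web-01", "CVE-2099-0002", 5.3),
]
CRIT_WEIGHT = {"high": 3, "medium": 2, "low": 1}

def kev_index(catalog):
    """Map cveID -> KEV entry so enrichment is a dictionary lookup."""
    return {v["cveID"]: v for v in catalog["vulnerabilities"]}

def prioritize(findings, assets, catalog, today_iso):
    """Rank findings so KEV membership and internet exposure outweigh raw CVSS."""
    kev, today = kev_index(catalog), date.fromisoformat(today_iso)
    rows = []
    for host, cve, cvss in findings:
        asset, entry = assets[host], kev.get(cve)
        score = cvss * CRIT_WEIGHT[asset["criticality"]]  # criticality scales the base
        if entry:
            score += 30  # known exploited: ranks above any non-KEV finding
        if asset["external"]:
            score += 10  # reachable from the internet
        due = entry["dueDate"] if entry else None
        rows.append({"asset": host, "owner": asset["owner"], "cve": cve, "score": score,
                     "kev": entry is not None, "due": due,
                     "overdue": bool(due) and date.fromisoformat(due) < today})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def owner_worklist(rows):
    """Group the ranked rows by owner so each team gets its own ordered list."""
    out = {}
    for r in rows:
        out.setdefault(r["owner"], []).append(f"{r['cve']}@{r['asset']}")
    return out
```

Note how the CVSS 9.8 finding on mail-02 ranks last: it is not known to be exploited, while the CVSS 5.3 KEV entry on the same external tier ranks second and is already past its due date.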

9. Kill the password and get ready to implement passkeys.

According to the 2023 Mandiant (part of Google Cloud) Cybersecurity Forecast Report, "over the next year, we will see threat actors find new ways to steal identities from users using a combination of social engineering, commodity information stealers, and information gathering from internal data sources post-compromise. They will combine stolen credentials with new techniques to bypass multi-factor authentication (MFA) and abuse identity and access management (IAM) systems."

By implementing passkeys, you can significantly reduce the risk of phishing attempts, social engineering, and credential compromise.

10. Secure and monitor your Amazon Web Services (AWS) S3 buckets.

AWS S3 bucket misconfigurations have continued to plague enterprise organizations year after year. According to Gartner, "through 2022, at least 95% of cloud security failures will be the customer's fault." However, there is hope that AWS will start helping reduce S3 bucket misconfiguration risks with new features that prevent organizations from shooting themselves in the foot.
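A check for the misconfiguration this item refers to, as an added example that is not the author's or AWS's code: a weak and a hardened Public Access Block configuration (the four flag names match S3's PublicAccessBlockConfiguration settings) are assessed together with a constructed bucket policy, using a placeholder bucket name and account ID; the "public statement" test is a simplified rule that treats any Condition as a restriction without evaluating it.

```python
import json

# Constructed inputs. The four flags mirror S3's PublicAccessBlockConfiguration
# settings; the policies use a placeholder bucket name and account ID.
WEAK_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
HARDENED_PAB = {k: True for k in WEAK_PAB}

WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, including "*" inside a list."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def public_statements(policy_json):
    """Sids of Allow statements open to everyone and not narrowed by a Condition.
    Simplified: any Condition counts as a restriction; its keys are not evaluated."""
    doc = json.loads(policy_json)
    stmts = doc["Statement"] if isinstance(doc["Statement"], list) else [doc["Statement"]]
    return [s.get("Sid", "<no-sid>") for s in stmts
            if s["Effect"] == "Allow" and _is_wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]

def assess_bucket(pab, policy_json):
    """Combine Public Access Block settings and the policy into findings to remediate."""
    findings = [f"PublicAccessBlock.{k} is False" for k, v in pab.items() if not v]
    for sid in public_statements(policy_json):
        if pab.get("RestrictPublicBuckets"):
            findings.append(f"statement {sid} is public but blocked at access time by RestrictPublicBuckets")
        else:
            findings.append(f"statement {sid} grants access to everyone")
    return findings
```

The last case matters for monitoring: a public policy under a hardened Public Access Block is not exploitable, but it is still worth removing, because a later change to the block settings would expose it.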
