NSA-CISA Top 10 Cybersecurity Misconfigurations for Organizations: The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a cybersecurity advisory (CSA) identifying the cybersecurity misconfigurations most commonly found in large organizations.
This news item explores these misconfigurations and the tactics used by threat actors to exploit them.
Key Takeaways from NSA-CISA Top 10 Cybersecurity Misconfigurations for Organizations:
- Common Misconfigurations: NSA and CISA have identified the ten most common network misconfigurations, shedding light on systemic weaknesses even in organizations with mature cybersecurity practices.
- Shared Responsibility: Network security teams can mitigate these weaknesses, but it’s imperative for software manufacturers to embrace secure-by-design principles to enhance cybersecurity.
- Mitigations and Recommendations: Both agencies advise implementing specific mitigations, such as removing default credentials, regular patching, and reducing administrative privileges. They also call on software manufacturers to embed security into their products from the start.
Understanding the Cybersecurity Advisory
The NSA and CISA have jointly released a cybersecurity advisory (CSA) aimed at highlighting the widespread cybersecurity misconfigurations found in large organizations.
These misconfigurations can serve as entry points for malicious actors to exploit.
The Top 10 Misconfigurations
Based on assessments by NSA and CISA Red and Blue teams, as well as Hunt and Incident Response teams, the following ten misconfigurations have been identified as most common:
- Default configurations of software and applications.
- Improper separation of user/administrator privilege.
- Insufficient internal network monitoring.
- Lack of network segmentation.
- Poor patch management.
- Bypass of system access controls.
- Weak or misconfigured multifactor authentication (MFA) methods.
- Insufficient access control lists (ACLs) on network shares and services.
- Poor credential hygiene.
- Unrestricted code execution.
These misconfigurations are not isolated incidents but represent systemic weaknesses across various large organizations.
Addressing these misconfigurations involves a dual responsibility:
- Network Security Teams: Well-trained, adequately staffed, and funded network security teams can implement known mitigations for these weaknesses.
- Software Manufacturers: It is crucial for software manufacturers to adopt secure-by-design principles, reducing the prevalence of these misconfigurations. This shift would enhance the security posture of their customers.
Recommendations for Network Defenders
To reduce the risk of malicious exploitation, NSA and CISA recommend several actions:
- Remove default credentials and harden configurations.
- Disable unused services and enforce access controls.
- Regularly update and automate patching, prioritizing known exploited vulnerabilities.
- Restrict, audit, and monitor administrative accounts and privileges.
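One way to turn the last recommendation above, together with the second misconfiguration in the list (improper separation of user/administrator privilege), into a concrete check is to audit logon events for privileged accounts used interactively on hosts outside the administrative tier. The Python script below is an added example written for this page, not tooling from NSA, CISA or the advisory itself: the account names, host names, Tier-0 host set and the Event ID 4624 records are constructed for illustration, and the field names follow the shape of Windows Security log entries as they would arrive from a SIEM or a log export.

```python
"""Audit Windows logon events for privileged accounts used on lower-tier hosts.

Added example for this page (not NSA/CISA tooling). It flags credential-caching
logons by privileged accounts onto hosts outside an assumed Tier-0 set, which is
the pattern behind "improper separation of user/administrator privilege".
All account names, host names and event records below are constructed.
"""
from collections import Counter

# Windows LogonType values that leave reusable credentials (password hashes or
# Kerberos tickets) in LSASS on the target host:
#   2 = Interactive (console), 10 = RemoteInteractive (RDP), 11 = CachedInteractive.
# Network logons (type 3) are deliberately not flagged: they do not cache the
# caller's credentials on the target.
CREDENTIAL_CACHING_LOGON_TYPES = {2, 10, 11}

# Assumption: privileged accounts may log on interactively only to these hosts
# (domain controllers and privileged access workstations).
TIER0_HOSTS = {"DC01", "DC02", "PAW-01"}

# Assumption: the privileged principals to watch (e.g. Domain Admins members).
# Real tooling would read this from the directory rather than hard-code it.
PRIVILEGED_ACCOUNTS = {"CORP\\da_jsmith", "CORP\\Administrator"}

# Constructed records in the shape of Security log Event ID 4624 fields.
# "Computer" is the host that recorded the event, i.e. where the logon happened.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "WS-0451", "TargetDomainName": "CORP",
     "TargetUserName": "da_jsmith", "LogonType": 10, "IpAddress": "10.20.30.40"},
    {"EventID": 4624, "Computer": "PAW-01", "TargetDomainName": "CORP",
     "TargetUserName": "da_jsmith", "LogonType": 2, "IpAddress": "-"},
    {"EventID": 4624, "Computer": "WS-0451", "TargetDomainName": "CORP",
     "TargetUserName": "jsmith", "LogonType": 2, "IpAddress": "-"},
    {"EventID": 4624, "Computer": "FILE01", "TargetDomainName": "CORP",
     "TargetUserName": "da_jsmith", "LogonType": 3, "IpAddress": "10.20.30.41"},
    {"EventID": 4624, "Computer": "HR-LAPTOP-07", "TargetDomainName": "CORP",
     "TargetUserName": "Administrator", "LogonType": 2, "IpAddress": "-"},
    # A special-privileges event (4672) is not a logon record and must be skipped.
    {"EventID": 4672, "Computer": "DC01", "TargetDomainName": "CORP",
     "TargetUserName": "da_jsmith"},
]


def find_tiering_violations(events, privileged=PRIVILEGED_ACCOUNTS, tier0_hosts=TIER0_HOSTS):
    """Return one finding per 4624 event in which a privileged account performed a
    credential-caching logon on a host outside the Tier-0 set."""
    # Windows account and host names are case-insensitive; compare normalized forms.
    privileged_norm = {p.lower() for p in privileged}
    tier0_norm = {h.upper() for h in tier0_hosts}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        account = f'{ev["TargetDomainName"]}\\{ev["TargetUserName"]}'
        host = ev["Computer"].upper()
        if (account.lower() in privileged_norm
                and ev.get("LogonType") in CREDENTIAL_CACHING_LOGON_TYPES
                and host not in tier0_norm):
            findings.append({"account": account, "host": host,
                             "logon_type": ev["LogonType"],
                             "source_ip": ev.get("IpAddress", "-")})
    return findings


def violations_per_account(findings):
    """Count findings per account: a quick view of which privileged identities
    are routinely used outside their tier."""
    return Counter(f["account"] for f in findings)


if __name__ == "__main__":
    results = find_tiering_violations(SAMPLE_EVENTS)
    for f in results:
        print(f'{f["account"]} logged on to {f["host"]} '
              f'(LogonType {f["logon_type"]}, from {f["source_ip"]})')
    print(dict(violations_per_account(results)))
```

On the constructed data the script flags two events: the domain admin account opening an RDP session to an ordinary workstation, and the built-in Administrator account logging on to a laptop. The network logon to FILE01 is left alone because a type 3 logon does not leave reusable credentials on the file server, whereas the interactive and RDP logons do, which is exactly what an attacker who has compromised the workstation would harvest. The second finding also illustrates the first item on the misconfiguration list: use of a default built-in account instead of named administrative identities.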
Call to Software Manufacturers
Software manufacturers play a pivotal role in improving cybersecurity outcomes for their customers. NSA and CISA urge them to:
- Embed security controls into product architecture from the outset of development.
- Eliminate default passwords.
- Provide high-quality audit logs to customers without additional charges.
- Make multifactor authentication (MFA), particularly phishing-resistant methods, a default rather than an opt-in feature for privileged users.
The Bigger Picture
While this advisory focuses on Microsoft® Windows® and Active Directory® environments, similar misconfigurations can be found in other software environments. Network owners and operators should diligently examine their systems for such misconfigurations, irrespective of the software in use.
In conclusion, addressing these cybersecurity misconfigurations is crucial for organizations looking to bolster their cybersecurity defenses and protect against potential threats.
About NSA and CISA:
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are leading government agencies dedicated to enhancing the security of the United States’ critical infrastructure and information systems. Their collaborative efforts aim to strengthen the cybersecurity posture of organizations across various sectors.