"Joint Advisory on Top Cyber Misconfigurations Highlights Urgency for Software Manufacturers to Incorporate Secure by Design Principles"
Cyberattacks that cause damage to public and private organizations in every industry are all too common. Although some of these incidents involve using novel techniques to gain access to or move throughout a network, many abuse common misconfigurations. By ensuring secure configurations, the frequency and severity of cyberattacks can be significantly reduced. The US Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) red and blue team operators have assessed organizations over the past several years to determine how a malicious actor could gain access, move laterally, and target sensitive systems or data. According to these assessments, common misconfigurations, such as default credentials, improper separation of user/administration privilege, insufficient internal network monitoring, and more, put every American at risk. The new report, titled "NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations," provides guidance for reducing these configuration mistakes. This article continues to discuss the joint advisory on cyber misconfigurations.
Submitted by grigby1