"Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA"
The US cybersecurity agency CISA and the NSA have recently issued new guidance on addressing the most common cybersecurity misconfigurations in large organizations. The agencies noted that misconfigurations impact many organizations, including those that have achieved a mature security posture. They argued that these misconfigurations illustrate a trend of systemic weaknesses and underline the importance of adopting secure-by-design principles during the software development process. According to CISA and NSA, the ten most common network misconfigurations are default software configurations, improper separation of privileges, lack of network segmentation, insufficient network monitoring, poor patch management, bypass of access controls, poor credential hygiene, improper multi-factor authentication (MFA) methods, insufficient access control lists (ACLs) on network shares, and unrestricted code execution. The agencies identified these misconfigurations after years of assessing the security posture of more than 1,000 network enclaves within the Department of Defense (DoD), federal agencies, and US government agencies.