A lack of restrictions on user permissions increases the risk associated with account compromises, as regardless of the user account, the threat actors will gain considerable network access. Identifying this access could be difficult as the threat actor uses a legitimate account to carry out their activity. By employing the Principle of Least Privilege , however, the damage associated with a compromised account is better contained, the network’s attack surface is minimized, and the risk of accidental or malicious misuse is reduced. This principle can be applied to users, administrators, and systems for improved cybersecurity.
In addition, the organizations sampled fail to apply patch management practices that adequately mitigate vulnerabilities, leaving critical vulnerabilities unpatched. Among the approximately 200 organizations sampled, over 33,000 critical vulnerabilities left unpatched are identified in CISA’s Known Exploited Vulnerabilities (KEV) catalog as actively exploited by cyber threat actors. Furthermore, many devices on these networks are end-of-life, such as Windows Server 2008 and 2012 and Windows 7, which means updates are no longer available and the devices are left vulnerable.
|
A way to address these fundamental IT security issues is by using identity and access management (IAM) tools, such as Active Directory with Group Policy (GP) or Entra ID , in conjunction with its cloud-based management services like Intune and configuration manager. These tools significantly assist administrators in establishing fundamental cybersecurity controls to better secure networks. Administrators can manage and secure users and systems by configuring settings, behaviors, and privileges. Administrators may set password complexity requirements, password expiration, account lockout policies after failed login attempts, and user authentication requirements, such as MFA. MFA is an essential security control for account security, and these tools assist administrators in ensuring compliance. Additionally, administrators can define acceptable software that can be used on the network, block unapproved software or file types, and define trusted software and paths. Using these tools, administrators can control user and device permissions to limit access to sensitive data, prevent unauthorized system configuration changes, and restrict access to network resources. They can also enable auditing and logging for specific actions on the network, allowing administrators to identify suspicious activity and provide network visibility. Administrators can also enforce file and device encryption to protect data from unauthorized access if a device is lost or stolen. Furthermore, administrators may use group policy or configuration management tools to enforce update settings across the environment, ensuring that all systems are regularly patched and up to date, further reducing the network’s attack surface.
While there are many other cybersecurity controls that can and should be implemented, addressing these issues is fundamental to an organization’s cybersecurity program and will significantly reduce their cyber risk. |
