Ten common mistakes in configuring, managing and securing systems mean that attackers can still break into organizations and gain access to networks and data, the US, UK, Canadian, Dutch and New Zealand governments warn in a joint advisory. The advisory points out common mistakes, security practices and configurations that lead to poor cyber hygiene and are often abused in attacks or make them possible. It covers the following ten points, which are described in more detail in the advisory.
– Failure to enforce multi-factor authentication (MFA)
– Misallocation of permissions or errors with access control lists
– Not updating software
– Using default passwords
– Failure to secure VPNs and other remote services
– Failure to implement strong password policies
– Misconfigured and unsecured cloud services
– Open ports and misconfigured services accessible from the internet
– Failure to detect and block phishing emails
– Poor endpoint detection and response
However, organizations can improve their security by following certain practices, such as using a zero-trust model, limiting the ability of local system administrators to log in remotely, implementing MFA, changing default passwords, and using central log management, patch management, antivirus software, vulnerability scanning and penetration testing.