The last several years have seen an ever-increasing number of cyber-attacks, and while the frequency of such attacks has increased, so too has the resulting damage. One needs only to look at CISA's list of significant cyber incidents to appreciate the magnitude of the problem. In May of 2021, for example, a ransomware attack brought down the Colonial Pipeline, causing a serious fuel disruption for much of the United States.
Just last month, a hacking group gained access to call logs and text messages from telecommunications carriers all over the world. These are just two of dozens of cyber-attacks occurring this year.
Because of these and other cyber security incidents, the Department of Homeland Security has issued a compulsory directive to federal agencies to better protect federal information systems and the data that they contain against cyber-attack. This directive is based around CISA's catalog of vulnerabilities that are known to pose a significant risk. The directive requires covered entities to update their cyber security procedures and to address known vulnerabilities within a specific amount of time.
End of year preparations for CISA
The fact that the Federal Government is suddenly placing such a high priority on cyber security is telling, and the directive is worth paying attention to, even for private sector organizations. If federal agencies shore up their cyber defenses in accordance with the new directive, then at least some cybercriminals will likely turn their attention toward attacking private sector targets. After all, it is likely that some of the known vulnerabilities will continue to exist in private companies, even after those vulnerabilities have been addressed on systems belonging to the federal government.
With the end of the year rapidly approaching, IT professionals should put cyber security at the top of their New Year's resolutions. But what specifically should IT pros be doing to prepare for 2022?
CISA differentiates between known vulnerabilities and vulnerabilities that are known to have been exploited. Likewise, IT pros in the private sector should focus their efforts and their security resources on addressing vulnerabilities that have been exploited in the real world. Such exploits are well documented and pose a major threat to organizations that fail to address them.
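The following is an added example, not part of the original article, showing one way to put that prioritization into practice: scanner findings are matched against a known-exploited catalog and ordered by remediation due date before CVSS score. The catalog excerpt uses the `cveID` and `dueDate` field names from CISA's JSON feed; the CVE IDs are placeholders, and the hosts, scores and dates are constructed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed; CVE IDs are placeholders.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "product": "Mail Server", "dueDate": "2021-11-20"},
  {"cveID": "CVE-0000-0002", "product": "VPN Gateway", "dueDate": "2022-04-15"}
]}
"""

# Constructed scanner findings: (host, CVE, CVSS base score).
FINDINGS = [
    ("web01", "CVE-0000-0003", 9.8),
    ("vpn01", "CVE-0000-0002", 7.5),
    ("mail01", "CVE-0000-0001", 6.5),
    ("db01", "CVE-0000-0004", 8.1),
]


def load_due_dates(kev_json):
    """Map each catalogued CVE ID to its remediation due date."""
    entries = json.loads(kev_json)["vulnerabilities"]
    return {e["cveID"].upper(): date.fromisoformat(e["dueDate"]) for e in entries}


def triage(findings, due_dates, today):
    """Order findings: known-exploited first (earliest due date), then by CVSS."""
    rows = []
    for host, cve, cvss in findings:
        due = due_dates.get(cve.upper())
        if due is None:
            status = "not-in-catalog"
        elif due < today:
            status = "overdue"
        else:
            status = "due"
        rows.append({"host": host, "cve": cve, "cvss": cvss, "due": due, "status": status})
    # Known-exploited entries sort ahead of everything else regardless of CVSS.
    rows.sort(key=lambda r: (r["due"] is None, r["due"] or date.max, -r["cvss"]))
    return rows


if __name__ == "__main__":
    for r in triage(FINDINGS, load_due_dates(KEV_JSON), date(2021, 12, 1)):
        print(f'{r["status"]:15} {r["host"]:7} {r["cve"]} cvss={r["cvss"]} due={r["due"]}')
```

Note that the 6.5-rated finding on `mail01` lands ahead of the 9.8-rated one on `web01`: evidence of exploitation and a passed due date outrank severity score alone.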
Deploy patches immediately
The single most important thing that organizations can do to ensure that they address known security vulnerabilities is to apply security patches as they become available. Many security patches are specifically designed to address known vulnerabilities, some of which have already been exploited. For example, the Microsoft Exchange Server update addressed the ProxyShell vulnerability earlier this year. ProxyShell was the name given to a serious Exchange Server vulnerability that allowed for remote code execution. Once the vulnerability became public, attackers began actively searching for unpatched Exchange Servers, often installing ransomware onto the servers that were located.
Don't forget that holidays can increase your organization's risk of cyber-attack. Although a patch may arrive at an inopportune moment, it's important to deploy it immediately, because attackers are waiting for lapses in your security at this time of year.
As important as patch management may be, installing the available security patches is only one example of the types of things that IT pros need to be doing in order to address known security vulnerabilities.
Prevent breached passwords in your network
Another countermeasure that is nearly as important, but widely overlooked, is preventing users from using passwords that are known to have been compromised.
Hackers maintain massive dark web databases of passwords that have been cracked as a part of various exploits. This is such a problem because users very often reuse their work passwords on various websites to minimize the number of passwords that they must remember. If a password has been cracked, then it means that there is a table matching that password to its hash. This makes it possible for an attacker to recognize when that password has been used elsewhere. This is why it's so important to prevent users from using any password that is known to be compromised.
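As an added illustration (not code from the article or from any vendor), the sketch below screens a new password against a breach corpus at change time. It uses a hash-prefix range query, a technique chosen for this example so that the full hash never leaves the caller; the corpus, the counts and the `range_lookup` function are constructed stand-ins for a real breach database.

```python
import hashlib

# Constructed breach corpus: a handful of leaked passwords with sighting counts.
_LEAKED = {"Winter2021!": 5120, "P@ssw0rd": 913004, "qwerty123": 88012}

# Index the corpus the way a range service would:
# 5-character SHA-1 prefix -> list of "SUFFIX:COUNT" lines.
# SHA-1 is only a lookup key here, not a way to store credentials.
_RANGES = {}
for _pw, _count in _LEAKED.items():
    _h = hashlib.sha1(_pw.encode("utf-8")).hexdigest().upper()
    _RANGES.setdefault(_h[:5], []).append(f"{_h[5:]}:{_count}")


def range_lookup(prefix):
    """Hypothetical stand-in for the breach database: only the prefix is disclosed."""
    return "\n".join(_RANGES.get(prefix, []))


def breach_count(password, lookup=range_lookup):
    """Return how often the password appears in the corpus (0 if never seen)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0


def check_new_password(password, lookup=range_lookup):
    """Policy hook for a password change: reject anything already in breach data."""
    seen = breach_count(password, lookup)
    if seen:
        return False, f"rejected: seen {seen} times in breach data"
    return True, "accepted"


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "maple-Orbit-47-saddle"):
        print(pw, check_new_password(pw))
```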
Specops Password Policy includes a breach password feature that queries databases containing billions of compromised passwords to make sure that those passwords are not being used on your network.
Additionally, Specops Password Policy includes features that are designed to help IT pros to create compliant password policies. The software includes built-in templates that allow you to create password policies that are based on the standards set forth by NIST, SANS, and others. Using these templates makes it easy to ensure that the passwords used throughout your organization adhere to the same NIST standards that the federal government is adhering to. You can try the software in your AD organization free for 14 days.