The deputy associate director at the Cybersecurity and Infrastructure Security Agency (CISA), Donald Benack, gave a presentation along with Joshua Corman at the RSA Conference last week in which they outlined three critical cybersecurity failures they are seeing exploited in the wild.
The pair called out the healthcare industry specifically as a sector with limited IT knowledge and few staff focused on security. The nature of patient records, personally identifiable information (PII) including Social Security numbers, and financial information makes the healthcare sector a particularly desirable target for ransomware and phishing attacks. These factors are paired with limited budgets or a lack of cybersecurity priority in the sector.
The presentation was titled “Bad Practices” to highlight a contrast with “best practices.” “The uncomfortable truth is that we can’t just say do best practices,” Corman said.
Benack outlined three “terrible tactics” in an attempt to change the language of cybersecurity. If “best practices” are too much for some businesses, CISA is thinking about other ways it can have a positive influence on cybersecurity.
The three terrible tactics:
Use of unsupported or end-of-life software
A business should not use unsupported or end-of-life software. When software is no longer patched and updated, it becomes an easy target for attack. Attackers track end-of-life software, find vulnerabilities in it, and then search the internet for systems still running that software.
Use of known/fixed/default credentials
Much industry-specific hardware ships with default credentials for easy setup. If those credentials are never changed, the devices can be accessed remotely with little effort. Some credentials are so easy to find that they are printed in the product manual. Attackers take the published credentials and search the internet for devices still using them.
Use of single-factor authentication for remote or administrative access
Remote and admin accounts are the most sensitive login credentials. No user should use an admin account as their everyday login. Additionally, this higher-level access should never be protected by a password alone; it should always require some form of multi-factor authentication (MFA).
“All of these procedures are not dependent on theory, they are dependent on evaluation of all the incident experiences and accessibility to info CISA has around what’s being exploited in the wild,” Benack stated.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.