Clean Up Your Act with Better Cyber Hygiene

Basic Cyber Hygiene is Lacking and Now is the Time to Make it Routine


A good quality control (QC) consultant is great at focusing on core principles. Want to prioritize your biggest problems? Build a Pareto chart. Want to engage in continuous quality improvement? Follow the “plan, do, check, adjust” formula.


In cybersecurity, numerous surveys have already plotted Pareto charts of our nastiest problems. The number one issue is self-inflicted: poor cyber hygiene. Those same surveys suggest solutions focused on the basics, and the key to success is a hygiene routine built on diligent repetition.


This is easier said than done. As your attack surface grows, your cybersecurity team spends more time dealing with more alerts. Day to day, there isn’t much time to address known architectural flaws or apply needed patches. Thus, more often than not, the hygiene to-do list is pushed out until tomorrow, or next week, or until the aftermath of a breach.


Beware of tried-and-true hacks


This is why so many well-known exploits remain successful. Even after 20 years, brute-force attacks on public-facing systems remain a top entry tactic. Such attacks often target an administrative console for a web application, a remote desktop session, or a listening service such as Secure Shell (SSH). These services exist on nearly every type of device, from the largest computing assets locked in dark rooms to the smallest embedded devices found seemingly everywhere. Internet of things (IoT) endpoints are especially vulnerable because many are left in their default settings.


Make basic hygiene a weekly habit


The solution: every week, devote at least two hours to basic cyber hygiene. Four best practices will help your team build habit from repetition:


• Make time for it - ..
