CISA Names 3 ‘Exceptionally Dangerous’ Behaviors to Avoid


In terms of database security, any bad practice is dangerous. Still, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently deemed some behaviors “exceptionally risky.” Are your teams engaged in these high-risk practices? What can you do to mitigate the risk of a data breach?


As per CISA, “The presence of these Bad Practices in organizations that support Critical Infrastructure… is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability and life, health and safety of the public.” 


Even for those outside of national cybersecurity, these behaviors should be top of mind for any vulnerability assessment. While they may seem simple, each one involves complex cyber crime that cannot be ignored.    


CISA Risky Behavior 1: Single-Factor Authentication


Single-factor authentication means a username and password grant user access with nothing else required. According to CISA, this is an all-too-common high-risk practice. Microsoft revealed its cloud services see about 300 million fraudulent sign-in attempts every day. Even eight-character passwords — with a mix of numbers, upper and lowercase letters and special characters — are cracked with relative ease.  


The good news is that multifactor authentication (MFA) can stop 100% of bot attacks and 99% of bulk phishing attacks. 


One common MFA method is a username and password, plus a message, link or code sent by text message. The second factor may also be a PIN code, personal trivia ..
