October is Cybersecurity Awareness Month, when cybersecurity practitioners raise awareness of digital security and help individuals protect themselves online. This year’s theme, “Securing Our World,” emphasizes the collective responsibility we all share for maintaining a safe digital environment.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends four crucial actions that organizations can take to improve their cybersecurity posture.
- First, organizations should implement a robust password policy. Strong passwords are long, unique to each account, and not reused anywhere else; a mix of uppercase and lowercase letters, numbers, and symbols helps only when the password is also long and unique. Companies should deploy password managers so employees can generate and store such passwords securely, and should periodically audit the policy and update it to match current guidance.
- Second, CISA strongly recommends enabling and enforcing multi-factor authentication (MFA) across all critical systems, applications, and user accounts. Organizations should educate employees on why MFA matters and how to use it correctly. For high-risk accounts or sensitive operations, companies should adopt phishing-resistant MFA, such as FIDO2 hardware security keys or biometric-backed authenticators, rather than one-time codes delivered by text message or voice call.
- The third recommendation focuses on developing a comprehensive phishing awareness and response program. This should include conducting regular phishing simulation exercises to test and train employees, implementing email filtering solutions to reduce the number of phishing attempts reaching employees, and establishing clear procedures for reporting and responding to suspected phishing attempts. It’s crucial to create a culture where employees feel comfortable reporting potential security incidents without fear of reprisal.
- Lastly, CISA emphasizes the importance of maintaining a rigorous patch management process. Organizations should develop a systematic approach to identifying, testing, and applying software updates and security patches, prioritized by vulnerability severity and potential impact on the organization. Automated patch management tooling can streamline the process and keep updates timely. Regular audits should confirm that all software and firmware are current.
By implementing these recommendations, organizations can significantly enhance their cybersecurity posture and better protect themselves against common cyber threats.
Current Threat Landscape
According to the Elastic 2024 Global Threat Report, brute-force attacks, including password spraying and credential stuffing, are more prevalent than ever.
CISA has identified multiple methods threat actors use to defeat or bypass MFA:
- Phishing: A user visits a malicious website that mimics a company’s legitimate login portal and submits their credentials, including any one-time code, which the attacker relays to the real site.
- Push Bombing: Threat actors who already hold the password trigger repeated MFA push notifications until the fatigued user presses “Accept,” granting the attacker access.
- SS7 Protocol Vulnerabilities: Weaknesses in the SS7 signaling protocol used by telephone carriers let attackers intercept MFA codes delivered by text message or voice call.
- SIM Swap: The attacker socially engineers a cellular carrier into transferring the victim’s phone number to a SIM card the attacker controls, so SMS and voice codes are delivered to the attacker.
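The password spraying mentioned in the threat report above and the push bombing in this list both leave a recognizable shape in authentication logs. The following Python is an added example, not code from CISA, Elastic, DMI, or the original post. The log format (`timestamp auth|mfa key=value ...`), the field names, the sample lines, and the thresholds are all constructed for illustration. It flags two patterns: one source IP failing against many accounts with at most a couple of attempts each, which is how spraying (and single-source credential stuffing) slips under per-account lockout, and a burst of MFA push prompts to one user, escalated to critical when an approval follows the burst.

```python
"""Detect password spraying and MFA push bombing in authentication logs.
Added example; the log format and sample lines are constructed, not real."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: one IP sprays five accounts once each, another IP hammers
# eve alone, carol is push-bombed until she approves, frank approves one prompt.
SAMPLE_LOG = """\
2024-10-03T09:00:01Z auth result=FAIL user=alice src=203.0.113.5
2024-10-03T09:00:31Z auth result=FAIL user=bob src=203.0.113.5
2024-10-03T09:01:02Z auth result=FAIL user=carol src=203.0.113.5
2024-10-03T09:01:33Z auth result=FAIL user=dave src=203.0.113.5
2024-10-03T09:02:04Z auth result=FAIL user=erin src=203.0.113.5
2024-10-03T09:04:00Z auth result=FAIL user=eve src=192.0.2.9
2024-10-03T09:04:01Z auth result=FAIL user=eve src=192.0.2.9
2024-10-03T09:10:00Z mfa event=PUSH_SENT user=carol src=203.0.113.5
2024-10-03T09:10:08Z mfa event=PUSH_DENIED user=carol
2024-10-03T09:10:30Z mfa event=PUSH_SENT user=carol src=203.0.113.5
2024-10-03T09:10:40Z mfa event=PUSH_DENIED user=carol
2024-10-03T09:11:00Z mfa event=PUSH_SENT user=carol src=203.0.113.5
2024-10-03T09:11:09Z mfa event=PUSH_DENIED user=carol
2024-10-03T09:11:30Z mfa event=PUSH_SENT user=carol src=203.0.113.5
2024-10-03T09:11:45Z mfa event=PUSH_APPROVED user=carol
2024-10-03T09:15:00Z mfa event=PUSH_SENT user=frank src=198.51.100.7
2024-10-03T09:15:05Z mfa event=PUSH_APPROVED user=frank
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>auth|mfa) (?P<kv>.*)$")

def parse_log(text):
    """Parse 'timestamp auth|mfa key=value ...' lines into event dicts."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected shape
        e = dict(kv.split("=", 1) for kv in m.group("kv").split())
        e["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        e["source"] = m.group("source")
        events.append(e)
    return events

def detect_password_spraying(events, window=timedelta(minutes=10),
                             min_users=5, max_per_user=2):
    """One source failing against many accounts, few attempts each. The
    per-account cap separates spraying from single-account brute force,
    which per-user lockout already handles; spraying stays under it."""
    by_src = defaultdict(list)
    for e in events:
        if e["source"] == "auth" and e.get("result") == "FAIL":
            by_src[e["src"]].append(e)
    alerts = []
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1  # slide the window forward
            per_user = Counter(e["user"] for e in fails[start:end + 1])
            if (len(per_user) >= min_users and max(per_user.values()) <= max_per_user
                    and (best is None or len(per_user) > best["distinct_users"])):
                best = {"rule": "password_spraying", "src": src,
                        "distinct_users": len(per_user)}
        if best:
            alerts.append(best)
    return alerts

def detect_push_bombing(events, window=timedelta(minutes=5), min_pushes=4):
    """Many MFA push prompts to one user in a short window. An approval after
    the burst means the user gave in and the attacker now holds a session."""
    by_user = defaultdict(list)
    for e in events:
        if e["source"] == "mfa" and e.get("event", "").startswith("PUSH_"):
            by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        sent = [e for e in evs if e["event"] == "PUSH_SENT"]
        best, start = None, 0
        for end in range(len(sent)):
            while sent[end]["ts"] - sent[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= min_pushes and (best is None or count > best["pushes"]):
                burst_start = sent[start]["ts"]
                approved = any(e["event"] == "PUSH_APPROVED" and e["ts"] >= burst_start
                               for e in evs)
                best = {"rule": "push_bombing", "user": user, "pushes": count,
                        "approved_after_burst": approved,
                        "severity": "critical" if approved else "high"}
        if best:
            alerts.append(best)
    return alerts

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for alert in detect_password_spraying(events) + detect_push_bombing(events):
        print(alert)
```

Running the module prints one spraying alert for the source that touched five accounts and one critical push-bombing alert for the user who approved after four prompts; the single-account failures and the lone legitimate approval produce nothing. In a real deployment the same logic would run over the identity provider's sign-in and MFA event stream, and a critical push-bombing hit should trigger session revocation and a credential reset for that user, since the attacker already had a valid password to get that far.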
Enhanced Password Security Solutions & Advanced Security Measures
To strengthen password security, DMI recommends a phishing-resistant, FedRAMP Authorized login platform, such as Keeper Security, that protects user passwords and sensitive information with multi-factor authentication (MFA), FIDO2 hardware security keys, biometric login, and conditional access policies based on device, location, time of day, and the application being accessed. The platform also generates strong, unique passwords and evaluates the strength of passwords already in use.
A key differentiator of the platform is that the vault is encrypted and decrypted locally on the user’s device, so plaintext passwords never cross the network; the service stores and syncs only ciphertext it cannot read. Auditing and compliance are supported through advanced reporting and event logging capabilities.
Additionally, Identity Threat Detection and Response (ITDR) tooling continuously monitors identity-related activity, detects behavior that deviates from each identity’s normal baseline, and assigns risk scores weighted by data sensitivity and attack potential.
A phishing-resistant password protection platform combined with ITDR provides the protection, visibility, and analytics needed to detect compromise of human and non-human identities.
Reach out to DMI to learn more about our Zero Trust Plus architecture and our identity solutions.