
Top Ten Cyber Security Misconfigurations

The NSA and CISA Red and Blue Teams recently shared the top ten cyber security misconfigurations. The schools we have worked with that have suffered a cyber attack often find that configurations, upgrades or user access controls were missed. This advisory highlights all of those and more: these are not in-depth configurations, but often ones that are set up incorrectly and then never checked or updated as time goes by. Although the advisory is aimed at larger organisations, we think it applies to all and will help towards becoming more cyber resilient.

The top ten most common network misconfigurations are:
  1. Default configurations of software and applications
  2. Improper separation of user/administrator privilege
  3. Insufficient internal network monitoring
  4. Lack of network segmentation
  5. Poor patch management
  6. Bypass of system access controls
  7. Weak or misconfigured multifactor authentication (MFA) methods
  8. Insufficient access control lists (ACLs) on network shares and services
  9. Poor credential hygiene
  10. Unrestricted code execution
The key message in the advisory is that organisations can reduce the risk of malicious actors exploiting the identified misconfigurations by taking the following steps:
  • Remove default credentials and harden configurations.
  • Disable unused services and implement access controls.
  • Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities.
  • Reduce, restrict, audit, and monitor administrative accounts and privileges.

The full advisory can be viewed here: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations.

Through our Knowledge Bank platform we provide an Information and Cyber Security Checklist, which gives an overall view of the cyber security controls to review. We can also provide enhanced Cyber Assessments. The Information and Cyber Security Checklist is viewable with a valid Data Protection Education subscription.
