A Response Guide for New NSA and CISA Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a report highlighting a range of critical security vulnerabilities requiring attention from organizations of all types. The report was published with input from the National Security Agency (NSA) and similar agencies worldwide. It should be considered essential reading. 

Many of the vulnerabilities in the report are not new. Instead, the report underscores a new level of awareness regarding how severe they are. Another important point to note is that these are not theoretical; they’re routinely abused by bad actors.

This article will explore what this report means for organizations and why the vulnerabilities mentioned are so relevant. Plus, see how you can effectively prioritize them.

The CISA Report: What’s at Stake?

In a recent release, CISA Director Jen Easterly highlighted the report’s findings. 

“These vulnerabilities pose an unacceptable risk to federal network security,” she said. “We also strongly urge every organization — large and small — to follow the federal government’s lead and take similar steps to safeguard their networks.”

According to CISA, the vulnerabilities themselves take the form of a server-side template injection. It can cause remote code execution, escalate privileges to ‘root’ and allow threat actors to obtain admin access without the need to authenticate.

As a result, businesses need to be aware of these issues. It’s critical to take the right steps to protect against them. Make sure your teams are aware of and prepared for these threats.

Best Practices for Addressing the Challenges

To understand the best way to handle the vulnerabilities in the report, it’s important to acknowledge the most common weaknesses businesses face today. 

According to the NSA, these are:

  • Failing to enforce multi-factor authentication
  • Applying privileges or permissions poorly
  • Errors within access control lists
  • Failing to keep software up to date.

So, what can you do to mitigate these weaknesses and build more effective defenses against security vulnerabilities? NSA recommends starting with mitigations that control access, harden credentials and establish centralized log management.

This strategy requires close teamwork between multiple elements of your business. 

Rallying Your Team Around Weak Points

As a general rule of thumb, make sure your teams are aware of weak points and the steps they must take to mitigate them.

Most of the time, it helps to hold regular meetings and training to ensure everyone is up to date. These can minimize or remove confusion. Encourage questions from all stakeholders, and distribute resources to help everyone stay educated and aware.

Building a Non-Alarmist Business Case for More Support

Building effective defense isn’t just a job for security teams. It’s an all-hands effort that never exists in a vacuum and impacts everyone to some degree. One of the key duties of security leaders is gaining support from decision-makers and stakeholders. Without them, you can’t obtain the resources and backing to do the best job possible.

As a result, you’ll need to build a compelling business case for more support. 

Here’s how:

  • Clearly link security projects to business outcomes. Demonstrate how greater investment in security benefits the business from a financial perspective. Highlight how failing to put digital defense can be costly.

  • Don’t use overly technical language. Speak in plain English wherever possible, and be prepared to clarify or explain certain points if needed.

  • Use hard data as much as possible. Again, link back to relevant business metrics. Show how increased security support can impact things like return on investment in concrete terms.

  • Avoid being overly alarmist or negative. Instead of presenting security solely as a way to avoid disaster, frame it positively as a means to increase the value of the business and enable more productive work.

Use the Right Security Tools

The good news is that there are a wealth of tools to help combat the threats in the CISA report. 

Companies can use tools to assess vulnerabilities and help choose which ones to patch first. This allows you to take a more structured and evidence-based approach, helping you focus your efforts and resources where they’re most needed for maximum effect.

Here are some of the tools you can use to stay on top of threats, prioritize well and defend against them before they happen:

  • Endpoint Detection and Response — gathers info across a wide range of endpoints to maintain insight into threats

  • SIEM — collects and analyzes events and works with other data sources to help detect threats and manage incidents

  • Network Detection and Response (NDR) — monitors entire networks and uses data analytics and machine learning to detect and deal with threats

  • SOAR — a suite of different tools, all aimed at learning more about threats and responding without the need for human control.

A Mix of Solutions

Using the right mix of tools and knowing how to use them with maximum efficiency is essential if you want to stay on top of vulnerabilities and keep your organization secure. The right tools allow you to prioritize threats so you can concentrate on the most serious sources of danger without spreading your resources too thin.

As a result, it’s essential to have a good command of all your different tools that empower you to easily identify threats and prioritize and respond quickly and accurately.

The post A Response Guide for New NSA and CISA Vulnerabilities appeared first on Security Intelligence.