3 Common Cybersecurity Remediation Issues

By Brett Powers • July 28, 2021

As your organization works to strengthen the security of its IT infrastructure to meet the requirements of the NIST 800-171 framework, and in anticipation of securing Cybersecurity Maturity Model Certification (CMMC) Maturity Level 3 compliance, a few issues frequently require attention.

Working to address these challenges will raise your company’s Supplier Performance Risk System (SPRS) score. This can be instrumental in demonstrating your commitment to exceptional cybersecurity hygiene to government entities looking to use your products or services.

We’ve found that the following issues require remediation at most companies we have assessed.

Absence of Documentation

With CMMC looming, a lot of companies are examining their policies, procedures, and standard documentation. At CyberSheath, before we get to the remediation process, we assess where an organization is in terms of compliance readiness. Generally, what we find is that most companies have very little documentation around what they’re doing and how they’re governing their security controls.

Lack of internal resources can make formulating the appropriate documentation a challenge. While we can craft that documentation, the hard part is getting each company to go through its records and align policies and procedures with its unique organizational practices. What we call best practices are not necessarily applicable to every business. For example, best practice for an activity timeout could be 10 minutes. However, for your business, perhaps it makes sense to extend that time period to 30 minutes.

No Multi-factor Authentication (MFA)

We’ve discovered that most companies either have MFA partially applied or not applied at all. For example, these entities may be using Microsoft 365 and have activated MFA for logging into that environment. That is not sufficient. Part of the requirement is that you need to have multi-factor turned on even when you are logging on locally. That means when you turn on your laptop and type in a password, you should also have to provide a second factor to access your laptop. From what we’ve seen in our assessments, this step almost never happens.

The struggle here may be that additional resources and tools need to be procured, which adds another cost. Also, a lot of the remediation we assist clients with circles back to culture change, which is a huge challenge.

Shared Accounts

Perhaps your IT group has one generic admin user ID with a shared password. While this ID is only assigned to IT, it could be leveraged by multiple people. This practice creates an accountability issue because it becomes difficult to identify exact users. Another example would be a shared computer on the floor of a manufacturing company, used by 10 people. A lot could happen between those 10 users, making it challenging to tell which one of the users performed what tasks or even who executed a potentially malicious act.

In a similar vein, it’s also relatively common for companies to mistakenly or intentionally provision user accounts that grant individual workers outside of management admin access. It’s pretty easy to see how this could go horribly wrong. While many users do not notice or act on this level of access, it does open up the entity to all sorts of security issues.

If your organization would like assistance in determining its current security posture, including assessing whether or not it needs to remediate these common issues, give us a call. We will be happy to work with you to identify compliance gaps, craft a plan to address any issues, and help your company improve its SPRS score.
