Discussing Common Security Mistakes and Misconfigurations
We should never be under the impression that it’s the big blunders committed by users and enterprises that lead to big security incidents. It’s sometimes the little mistakes and very minor misconfigurations, mostly those missteps that could be easily avoided, that lead to big security incidents and data breaches. Companies are devastated, huge reputation damages are caused and data losses that impact not just organizations, but their customers as well occur- all sometimes because of such seemingly small security misconfigurations that could very easily have been avoided.
Let’s discuss some such common security mistakes and configuration issues that could land any modern business organization in a security mess…
Unwarranted delays in software patching
The WannaCry ransomware outbreak that struck hundreds of thousands of organizations across the world in May 2017 had happened basically because of organizations failing to apply on time the patches which Microsoft had already released to close the exploit that was instrumental in causing the outbreak. In fact, many big malware strikes that cripple organizations and hit individual users as well happen because of unwarranted delays in software patching. A vast majority of cyberattacks are seen to be executed exploiting bugs that are old and unpatched.
Yes, patching vulnerabilities on time is important, keeping all software and OSs up to date is key to cybersecurity, for individual users as well as organizations. Administrators must see to it that patch levels are properly maintained; this has to be done in a systematic and regular manner as in today’s world numerous exploits and vulnerabilities are found daily. Always keep the old adage in mind- A stitch in time saves nine!
Leaving default credentials unconfigured
This is a very common mistake that leads directly to hackers executing devastating cyberattacks and data breaches targeting leading enterprises. Administrators in many organizations tend to leave unconfigured default credentials for databases, devices, installations etc. Hackers could easily exploit such default credentials- on routers, firewalls, OSs etc- and cause data breaches. Cybercriminals resort to brute-forcing network devices by trying out different username-password combinations repeatedly; while making such attempts they mostly begin by trying out default credentials or easy-to-guess passwords and it works out on many occasions. Today there are many tools, which are easily available and which hackers could use to check for and find default passwords. These tools can even be used by amateurs. Hence, it’s always best to change default passwords as soon as you start using a device or any software.
Re-using login credentials, especially passwords
Almost every internet user today knows that having strong passwords, which ideally are a mix of alphabets (lower case and upper case), numbers and special characters, is a must for securing accounts and devices. But then, there are many, including professionals, who tend to use, or rather re-use, the same passwords (sometimes even usernames) across all devices and services in their network. This is a very serious kind of blunder because a hacker who manages to crack one password can use the same to gain access to multiple devices and systems. So, in enterprises (this is applicable for individual users as well), it’s always advisable to avoid password re-use.
Disabled logging could sometimes be helpful to hackers who get access to an organizational network. With the logging turned off, hackers who gain entry into a network would find it easy to move laterally through the network and search for vulnerable assets and data, that too without leaving tracks behind. Hence, administrators should always enable logging and should have it sent to a centralized location, like a good SIEM (Security Information and Event Management) platform. This helps investigators in forensics whenever there are cybersecurity incidents.
Open, exposed RDP ports
Services like RDP (Remote Desktop Protocol) help control computers from remote locations and are really of great help for enterprises big and small. But if the very same RDP ports are left open and exposed, they could be leveraged by cybercriminals to carry out attacks, including brute-force attacks, dictionary-style attacks etc. There have been many instances of leading business enterprises being targeted by cybercriminals leveraging such exposed RDP ports. Hence, administrators should ensure that all RDP ports are properly configured.