In terms of database security, any bad practice is dangerous. Still, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently deemed some behavior as “exceptionally risky.” Are your teams engaged in these high-risk practices? What can you do to mitigate the risk of a data breach?

As per CISA, “The presence of these Bad Practices in organizations that support Critical Infrastructure… is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability and life, health and safety of the public.”

Even for those outside of national cybersecurity, these behaviors should be top of mind in any vulnerability assessment. While they may seem simple, each one opens the door to sophisticated cyber crime that cannot be ignored.

CISA Risky Behavior 1: Single-Factor Authentication

Single-factor authentication means a username and password grant user access with nothing else required. According to CISA, this is an all-too-common high-risk practice. Microsoft revealed its cloud services see about 300 million fraudulent sign-in attempts every day. Even eight-character passwords — with a mix of numbers, upper and lowercase letters and special characters — are cracked with relative ease.

The good news is that multifactor authentication (MFA) can stop 100% of bot attacks and 99% of bulk phishing attacks.

One common MFA method is a username and password, plus a message, link or code sent by text message. The second factor may also be a PIN, personal trivia (such as a mother’s maiden name), a USB key fob or biometrics.

MFA Challenges

Still, there are some problems with MFA. Let’s say text messaging is the second factor. What happens if someone loses their smartphone or has it stolen? They lose access.

With SIM swapping, attackers trick, coerce or bribe phone company employees to transfer phone numbers to their own SIM cards. They can even generate fake SIM cards that mimic existing numbers. Also, by scanning wireless provider websites, attackers can find old phone numbers that have been abandoned.

Princeton researchers noticed that phone companies offer new numbers in blocks. Recycled numbers, however, appear in non-consecutive blocks. Attackers can match recycled numbers against directories on the dark web. Then, using numbers linked to online accounts, attackers can reset the passwords.

As authentication threats grow more refined, data security teams are turning to more advanced Identity and Access Management (IAM). This includes using context-based signals (such as device IDs, behavioral biometrics and location data), which leave less room for risky authentication decisions.

CISA Exceptionally Risky Behavior 2: Default Passwords and Credentials

If everybody and their cousin knows your username and password, you have a big problem. Some even have credentials written on a Post-it stuck to their monitor. These can be easily leaked. Plus, known, fixed or default credentials are simple to crack, CISA warns.

One way around this is to get rid of shared accounts. Also, run your passwords through strength evaluation to ensure all passwords are unique and complex enough to deter attackers. In the end, this category is a subset of the single-factor authentication risk basket.
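The audit the paragraph above calls for (default credentials, weak passwords, and the same password shared across accounts) can be scripted. The following is an added example, not code from the article; the default-credential list, the sample accounts and the 50-bit threshold are constructed for the demonstration, and the entropy estimate is a brute-force upper bound that a real checker would combine with a dictionary and breach-list lookup.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample of factory/default credentials; a real check would use a maintained list.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "toor"),
    ("user", "user"),
}


def char_pool_size(password: str) -> int:
    """Size of the alphabet the password draws on (lower, upper, digits, symbols)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation
    return pool


def estimate_entropy_bits(password: str) -> float:
    """Brute-force upper bound: length * log2(pool). Dictionary words score far lower in practice."""
    pool = char_pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def audit_accounts(accounts, min_bits: float = 50.0) -> dict:
    """Return {username: [findings]} flagging default, weak and shared passwords."""
    findings = {user: [] for user, _ in accounts}
    users_by_digest = defaultdict(list)
    for user, password in accounts:
        if (user.lower(), password) in DEFAULT_CREDENTIALS:
            findings[user].append("default credential")
        if estimate_entropy_bits(password) < min_bits:
            findings[user].append("weak password")
        # Group by digest rather than plaintext; the same grouping works on a dump of unsalted stored hashes.
        users_by_digest[hashlib.sha256(password.encode()).hexdigest()].append(user)
    for users in users_by_digest.values():
        if len(users) > 1:
            for user in users:
                others = ", ".join(sorted(u for u in users if u != user))
                findings[user].append(f"password shared with {others}")
    return findings


# Constructed sample accounts for the demonstration (never hold plaintext like this in a real audit).
SAMPLE_ACCOUNTS = [
    ("admin", "admin"),
    ("alice", "Tr0ub4dor&3"),
    ("bob", "Summer2021!"),
    ("carol", "Summer2021!"),
]

if __name__ == "__main__":
    for user, problems in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{user:8s} {'; '.join(problems) or 'ok'}")
```

The shared-password check is the part that catches the "everybody and their cousin" problem: two accounts landing in the same digest bucket is exactly the shared credential CISA warns about, even when each password looks strong on its own.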

CISA Exceptionally Risky Behavior 3: Unsupported or End-of-Life (EOL) Software

Upon finding outdated software or operating systems, threat actors can exploit known data protection vulnerabilities. Since old software no longer receives updates, its security flaws stay unpatched for good. CISA has been warning about this for years.

End-of-life (EOL) software is well-known terrain for threat actors. Sadly, it appears the lesson of the well-known WannaCry ransomware attack on Microsoft Windows in 2017 still often goes unheeded. How do we know this? What else explains the fact that WannaCry attacks increased 53% from January 2021 to March 2021?

Microsoft had already released patches to close these doors. Still, much of WannaCry’s spread was among organizations that did not apply the patches, or that were running even older, end-of-life Windows systems.

Some ways to mitigate this type of risk include:

  • Buy extended support – This is not the least expensive option, but consider the cost of a data breach. Extended support may not be possible for every system.
  • Isolate the risk – Separate standalone machines from your network and/or prohibit public internet access. Or isolate on a separate network with tight inbound and outbound traffic firewalls.
  • Limit user access – Audit who needs access and remove the software from devices that do not. If possible, consider setting some devices aside for only EOL software use.
  • Stay informed – Some vendors and original software providers may offer patches for common openings. Stay on the lookout for these while you implement long-term fixes.
  • Plan to upgrade – Out-of-date software carries security, operational, regulatory and compatibility issues. In the end, you need to formulate a replacement plan.
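The first step behind every item in that list is knowing which hosts run software that is past, or approaching, its end of life. The script below is an added example, not code from the article: it reads a constructed inventory export, classifies each host against a constructed lifecycle catalogue (the product names, versions and dates are hypothetical placeholders, not real vendor data) and maps each status to one of the actions above. The 180-day warning horizon is an assumption.

```python
from datetime import date, timedelta

# Constructed catalogue with hypothetical products and dates; real data comes from vendor lifecycle pages.
EOL_CATALOG = {
    ("ExampleOS", "7"): {"eol": date(2020, 3, 31), "extended_until": date(2023, 3, 31)},
    ("ExampleOS", "10"): {"eol": date(2026, 6, 30), "extended_until": None},
    ("ExampleDB", "5"): {"eol": date(2021, 4, 30), "extended_until": None},
    ("ExampleDB", "8"): {"eol": date(2021, 9, 30), "extended_until": None},
}

# Constructed inventory export in the form host,product,version
SAMPLE_INVENTORY = """\
web01,ExampleOS,10
legacy-hmi,ExampleOS,7
db02,ExampleDB,5
file01,ExampleDB,8
kiosk3,OtherOS,3
"""

# Status -> the mitigation from the list above that applies to it.
ACTIONS = {
    "supported": "keep patched",
    "approaching-eol": "plan the upgrade now",
    "eol-extended-available": "buy extended support, or isolate until replaced",
    "end-of-life": "isolate from the network and limit users; schedule replacement",
    "unknown": "inventory gap: identify the product and its lifecycle",
}


def parse_inventory(text: str):
    """Yield (host, product, version) from a comma-separated export, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (field.strip() for field in line.split(","))
        rows.append((host, product, version))
    return rows


def classify(product: str, version: str, today: date, warn_days: int = 180) -> str:
    """Lifecycle status of one product/version as of `today`."""
    entry = EOL_CATALOG.get((product, version))
    if entry is None:
        return "unknown"
    if today < entry["eol"]:
        if entry["eol"] - today <= timedelta(days=warn_days):
            return "approaching-eol"
        return "supported"
    extended = entry["extended_until"]
    if extended is not None and today < extended:
        return "eol-extended-available"
    return "end-of-life"


def build_report(inventory_text: str, today: date) -> dict:
    """{host: (status, recommended action)} for every row of the inventory export."""
    report = {}
    for host, product, version in parse_inventory(inventory_text):
        status = classify(product, version, today)
        report[host] = (status, ACTIONS[status])
    return report


if __name__ == "__main__":
    for host, (status, action) in build_report(SAMPLE_INVENTORY, date(2021, 6, 1)).items():
        print(f"{host:12s} {status:24s} {action}")
```

Hosts that fall out of the catalogue entirely ("unknown") deserve as much attention as the end-of-life ones: an asset nobody can place in a lifecycle is an asset nobody is patching.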

Avoid Dangerous Behavior

The CISA list isn’t long. End-of-life software issues always lead to a software upgrade or replacement. This leaves weak identity and access oversight as the most dangerous practice.

Static authentication often makes things too easy for threat actors or too cumbersome for users. As a solution, adaptive access strategies use artificial intelligence (AI) to build contextual authentication insights.

AI can determine the level of trust or risk tied to each user in any given context. When paired with access policy rules, this allows security teams to base access decisions on that level of trust. In low-risk cases, you can grant streamlined or even passwordless access. Meanwhile, advanced MFA can challenge high-risk users and protect access to critical infrastructure.
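To make the trust-to-policy mapping concrete, here is an added example that is not code from the article or from any IAM product. It stands in for the AI scoring step with a transparent, rule-based risk score over the context signals named earlier (device ID, location, time of day, recent failures), including an impossible-travel check, and then maps the score to the access outcomes described above. The signal weights, thresholds, 900 km/h travel limit and sample profile are all constructed assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class UserProfile:
    known_devices: set
    usual_hours: range = range(7, 20)          # UTC hours in which the user normally signs in
    last_lat: Optional[float] = None
    last_lon: Optional[float] = None
    last_login: Optional[datetime] = None


@dataclass
class LoginContext:
    device_id: str
    lat: float
    lon: float
    at: datetime
    failed_attempts_last_hour: int = 0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, used for the geo-velocity check."""
    radius = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * radius * math.asin(math.sqrt(a))


def risk_score(profile: UserProfile, ctx: LoginContext, max_speed_kmh: float = 900.0):
    """Additive risk points with a reason for each; weights are illustrative assumptions."""
    score, reasons = 0, []
    if ctx.device_id not in profile.known_devices:
        score += 30
        reasons.append("unknown device")
    if ctx.at.hour not in profile.usual_hours:
        score += 10
        reasons.append("outside usual hours")
    if ctx.failed_attempts_last_hour >= 3:
        score += 20
        reasons.append("recent failed attempts")
    if profile.last_login is not None:
        distance = haversine_km(profile.last_lat, profile.last_lon, ctx.lat, ctx.lon)
        hours = max((ctx.at - profile.last_login).total_seconds() / 3600, 1 / 60)
        if distance / hours > max_speed_kmh:
            score += 50
            reasons.append(f"impossible travel: {distance:.0f} km in {hours:.1f} h")
    return score, reasons


def decide(score: int) -> str:
    """Access policy: the higher the risk, the stronger the challenge."""
    if score < 20:
        return "allow-passwordless"
    if score < 50:
        return "password-plus-mfa"
    if score < 80:
        return "step-up-strong-mfa"
    return "deny-and-alert"


if __name__ == "__main__":
    # Constructed profile: one enrolled laptop, last seen in London at 09:00 UTC.
    profile = UserProfile(known_devices={"laptop-7f3a"}, last_lat=51.5074, last_lon=-0.1278,
                          last_login=datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc))
    attempts = [
        LoginContext("laptop-7f3a", 51.51, -0.13, datetime(2021, 6, 1, 10, 0, tzinfo=timezone.utc)),
        LoginContext("unknown-phone", 40.7128, -74.0060, datetime(2021, 6, 1, 10, 0, tzinfo=timezone.utc)),
    ]
    for attempt in attempts:
        score, reasons = risk_score(profile, attempt)
        print(attempt.device_id, score, decide(score), reasons)
```

The point of keeping a reasons list next to the score is operational: when a user is stepped up or denied, the help desk and the SOC can see which signal fired instead of arguing with an opaque model output.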

Adaptive access represents an emerging security trend. It’s no longer enough to set it and forget it. To stay ahead of threat actors, security context evaluation is critical.

Remember, avoiding dangerous behavior is a team effort. Make sure your employees receive cybersecurity and cyber awareness training. For example, remind them that phishing attacks can occur via email, Voice over Internet Protocol, text and social media. So keep spreading the word, and be safe out there.
