CISA joint advisory on access control. Are you still missing MFA?

The US Cybersecurity and Infrastructure Security Agency has issued a joint advisory with the cyber security organisations from the UK, New Zealand, the Netherlands and Canada listing ten regularly exploited weak security controls, poor configurations, and bad practices that allow threat actors to compromise networks.

Here is the article:

Weak Security Controls and Practices Routinely Exploited for Initial Access | CISA

It is amazing that “not using multi-factor authentication” is the top exploit. This is probably the most easily fixed – so get it done.

I passed this on to the team at Octagon to read and we made it the subject of discussion of our weekly training meeting. Following that meeting, the support team split the clients between themselves and started a round of phone calls checking on the clients’ use of MFA.

Clive Catton MSc (Cyber Security) – by-line and other articles

Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two-factor authentication (2FA). All have the same function: to securely provide a one-time password (OTP), only to the authorised user, so they can get access to a service. Examples of services that implement MFA for added security are Microsoft 365, Google, WordPress and Amazon, among many, many others.