
The Latest Cybersecurity Best Practices from the FBI, NSA, and CISA [Feb. 2022]

February 21, 2022

Stay up to date on the latest cybersecurity best practices recommended by the FBI, NSA, and CISA to stay protected against the most modern cyberthreats.

Read on to see what’s currently recommended and learn more about how organizations can stay secure.

Identity and Access Management Controls

Implementing Multi-Factor Authentication

It is recommended that organizations require multi-factor authentication for all users with no exceptions. This means implementing an additional layer of security for user logins that requires a combination of two or more credentials to verify the identity of the user.

This increases an organization’s security because even if one set of credentials is compromised by bad actors, an unauthorized user will still be unable to access the network without both.

Set a Strong Passphrase Policy

Setting a strong password and passphrase policy is also recommended to increase security and prevent unauthorized access. Organizations must use strong passphrases that are complex, long, and only used for one account.

Additionally, ensure these passwords and passphrases are securely stored using appropriate software with security measures in place.

Set Standards for Credential Security

To secure login credentials, it is recommended that organizations adhere to these best practices:

  • Use virtualization-based solutions on modern hardware and software to ensure credentials are stored securely
  • Disable the storage of cleartext passwords in Local Security Authority Subsystem Service (LSASS) memory
  • Limit or disable NT LAN Manager (NTLM) and WDigest authentication
  • Implement Credential Guard on Windows 10 and Windows Server 2016. On Windows Server 2012 R2, enable Protected Process Light (PPL) for the Local Security Authority (LSA)
  • Minimize the Active Directory (AD) attack surface to reduce malicious Kerberos ticket-granting service (TGS) activity
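Several of the items above map to specific Windows registry values, so they can be audited from an offline export. The following is an added example, not code from the original post or from the FBI/NSA/CISA guidance: it parses a `.reg` export (a constructed sample is embedded; the value names and expected settings come from Microsoft's documentation for WDigest, LSA protection, NTLM restriction and Credential Guard) and reports which of the recommended settings are in place. The check names, thresholds and the PASS/FAIL/WARN scheme are this example's own choices.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: what `reg export` of the relevant keys might look like on a host
# that has only been partly hardened (values are invented for illustration).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000001
"LmCompatibilityLevel"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"RestrictSendingNTLMTraffic"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
"UseLogonCredential"=dword:00000001
"""

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
MSV1_0 = LSA + r"\MSV1_0"
WDIGEST = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
DEVICE_GUARD = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard"


def parse_reg_export(text: str) -> dict[str, dict[str, int | str]]:
    """Parse the .reg text format into {key_path: {value_name: value}}.
    Only dword and plain string values are handled, which is all this audit needs."""
    keys: dict[str, dict[str, int | str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        name, value = m.groups()
        if value.startswith("dword:"):
            keys[current][name] = int(value[len("dword:"):], 16)   # dword values are hex
        elif value.startswith('"') and value.endswith('"'):
            keys[current][name] = value[1:-1]
    return keys


@dataclass(frozen=True)
class Check:
    control: str
    key: str
    value: str
    expected: set[int]
    missing_ok: bool = False   # True when the secure behaviour is already the OS default if the value is absent


# Expected values follow Microsoft's documentation for each setting.
CHECKS = [
    Check("WDigest: no cleartext credentials kept in LSASS", WDIGEST, "UseLogonCredential", {0}, missing_ok=True),
    Check("LSA runs as Protected Process Light", LSA, "RunAsPPL", {1}),
    Check("NTLM: send NTLMv2 only, refuse LM and NTLM", LSA, "LmCompatibilityLevel", {5}),
    Check("NTLM: outgoing NTLM traffic denied", MSV1_0, "RestrictSendingNTLMTraffic", {2}),
    Check("Credential Guard: virtualization-based security enabled", DEVICE_GUARD, "EnableVirtualizationBasedSecurity", {1}),
    Check("Credential Guard: LsaCfgFlags set (1 = with UEFI lock, 2 = without)", LSA, "LsaCfgFlags", {1, 2}),
]


def audit(keys: dict[str, dict[str, int | str]]) -> list[tuple[str, str, str]]:
    """Return (status, control, detail) per check; status is PASS, FAIL or WARN."""
    results = []
    for c in CHECKS:
        actual = keys.get(c.key, {}).get(c.value)
        if actual is None:
            # UseLogonCredential is absent-but-safe on Windows 8.1 / Server 2012 R2 and later,
            # so it only warns; the other controls are off unless explicitly enabled.
            status = "WARN" if c.missing_ok else "FAIL"
            detail = f"{c.value} not set (expected one of {sorted(c.expected)})"
        elif actual in c.expected:
            status, detail = "PASS", f"{c.value}={actual}"
        else:
            status, detail = "FAIL", f"{c.value}={actual} (expected one of {sorted(c.expected)})"
        results.append((status, c.control, detail))
    return results


if __name__ == "__main__":
    for status, control, detail in audit(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"[{status}] {control}: {detail}")
```

A registry value only shows that Credential Guard has been configured; whether it is actually running on a given host is confirmed separately (for example through `msinfo32` or the `Win32_DeviceGuard` WMI class), so treat a PASS on the two Credential Guard rows as "configured", not "verified".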

Audit Domain Controllers

To ensure requests and events are monitored for malicious activity, organizations should secure their accounts and enforce access management protocols to prevent misuse of credentials. Here are some best practices to follow:

  • Enforce the principle of least privilege. Accounts should only have the minimum permissions they need to fulfil their duties.
  • Require unique and distinct administrative accounts for different sets of tasks.
  • Create separate non-privileged accounts for privileged users, and have them use those accounts for day-to-day actions like web browsing and email access.

Protective Controls and Architecture

Utilize Network Monitoring Tools to Spot Abnormal Activity

Organizations should use network monitoring tools to identify, detect, and investigate abnormal behavior that could indicate a malicious party, lateral movement, or malware.

Organizations can use endpoint detection and response (EDR) tools to detect these lateral connections as they’ll have insight into the common and uncommon network connections for each host, making it easier to identify connections that don’t belong.
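The "common and uncommon connections per host" idea above can be expressed as a small analytic over network logon events. The following is an added example, not code from the original post or from any EDR product: it reads constructed Windows Security event 4624 records (logon type 3, i.e. network logons, already shipped as JSON lines), learns which source addresses normally reach each host during a baseline period, and then flags two lateral-movement signals in a later window: a source reaching a host it never reached before, and one source fanning out to many hosts in a short time. The field names, thresholds and sample values are this example's assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 4624 events normalised to JSON lines. Hosts, users and
# addresses are invented for illustration.
BASELINE_LOG = """
{"ts": "2022-02-14T09:01:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.20", "host": "FS01", "user": "alice"}
{"ts": "2022-02-14T09:05:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.21", "host": "FS01", "user": "bob"}
{"ts": "2022-02-15T10:12:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.20", "host": "PRINT01", "user": "alice"}
{"ts": "2022-02-16T08:40:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.9.5", "host": "FS01", "user": "svc-backup"}
"""

DETECTION_LOG = """
{"ts": "2022-02-21T02:10:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.21", "host": "FS01", "user": "bob"}
{"ts": "2022-02-21T02:11:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.21", "host": "HR-WS07", "user": "bob"}
{"ts": "2022-02-21T02:11:30", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.21", "host": "FIN-WS03", "user": "bob"}
{"ts": "2022-02-21T02:12:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.21", "host": "DC01", "user": "bob"}
{"ts": "2022-02-21T09:00:00", "event": 4624, "logon_type": 2, "src_ip": "-", "host": "HR-WS07", "user": "carol"}
{"ts": "2022-02-21T09:30:00", "event": 4624, "logon_type": 3, "src_ip": "10.0.1.20", "host": "FS01", "user": "alice"}
"""


def load_network_logons(text):
    """Keep only successful network logons (4624 / type 3), sorted by time."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        if e["event"] == 4624 and e["logon_type"] == 3:
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per host: the set of source addresses that normally log on to it over the network."""
    seen = defaultdict(set)
    for e in events:
        seen[e["host"]].add(e["src_ip"])
    return seen


def detect(events, baseline, fanout_threshold=3, window=timedelta(minutes=10)):
    """Return alerts as tuples. 'new-pair': a source->host pair absent from the baseline.
    'fan-out': a source that reached >= fanout_threshold distinct hosts within `window`."""
    alerts = []
    for e in events:
        if e["src_ip"] not in baseline.get(e["host"], set()):
            alerts.append(("new-pair", e["src_ip"], e["host"], e["ts"]))

    by_src = defaultdict(list)
    for e in events:                      # events are already time-ordered
        by_src[e["src_ip"]].append(e)
    for src, evs in by_src.items():
        best, start = 0, 0
        for end in range(len(evs)):       # sliding window over this source's logons
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            best = max(best, len({x["host"] for x in evs[start:end + 1]}))
        if best >= fanout_threshold:
            alerts.append(("fan-out", src, best, evs[-1]["ts"]))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(load_network_logons(BASELINE_LOG))
    for alert in detect(load_network_logons(DETECTION_LOG), baseline):
        print(alert)
```

In the sample, bob's workstation (10.0.1.21) reaching three new hosts and the domain controller within two minutes at 02:10 produces both alert types, while alice's routine file-server logon produces none. In practice the baseline window should be long enough to cover normal administrative cycles, and service accounts that legitimately touch many hosts (backup, monitoring) need their own, higher fan-out threshold to keep the alert volume useful.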

Enable Strong Spam Filters

To keep phishing emails from reaching end users, organizations should invest in stronger spam filters that strip or quarantine emails carrying executable files before they can cause harm.

Additionally, users should be trained to recognize and avoid malicious websites and suspect attachments, and to better understand the threats that can arrive in their inbox or online.

Implement Network Segmentation

Critical infrastructure organizations should implement network segmentation to help separate networks based on role and functionality. This can prevent lateral movement by controlling traffic flows and access to various subnetworks.

Appropriately implemented network segmentation between IT and Operational Technology (OT) networks limits the ability of adversaries to pivot to the OT network even if the IT network is compromised.

Organizations should also organize their OT assets into logical zones and take into account criticality, consequence, and operational necessity. Define the acceptable communication conduits between these zones and deploy security controls to help filter network traffic and monitor communications between zones to identify unwanted actors.
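The zone-and-conduit model described above can be written down as a policy and used to check observed traffic against it. The following is an added example, not code from the original post or from any standard: it defines four constructed zones (corporate IT, an industrial DMZ, OT supervisory and OT control), a short list of permitted conduits between them, and evaluates a set of constructed flows with a default-deny rule for anything that crosses a zone boundary without a matching conduit. Zone names, address ranges, ports and purposes are all this example's assumptions.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed zone model (addresses invented for illustration).
ZONES = {
    "IT-Corporate":   ipaddress.ip_network("10.10.0.0/16"),
    "IDMZ":           ipaddress.ip_network("10.20.0.0/24"),     # industrial DMZ: historian replica, jump hosts
    "OT-Supervisory": ipaddress.ip_network("192.168.10.0/24"),  # SCADA servers, HMIs
    "OT-Control":     ipaddress.ip_network("192.168.20.0/24"),  # PLCs and other controllers
}


@dataclass(frozen=True)
class Conduit:
    src_zone: str
    dst_zone: str
    proto: str
    port: int
    purpose: str


# Conduits are directional: who is allowed to initiate, to where, on which port, and why.
CONDUITS = [
    Conduit("IT-Corporate", "IDMZ", "tcp", 443, "corporate users read the historian replica"),
    Conduit("OT-Supervisory", "IDMZ", "tcp", 1433, "historian replication, initiated from OT"),
    Conduit("OT-Supervisory", "OT-Control", "tcp", 502, "Modbus/TCP polling from SCADA"),
    Conduit("OT-Supervisory", "OT-Control", "tcp", 44818, "EtherNet/IP"),
]

# Constructed flows as (src_ip, dst_ip, proto, dst_port).
SAMPLE_FLOWS = [
    ("10.10.5.7", "10.20.0.10", "tcp", 443),         # corporate user reads historian replica
    ("192.168.10.5", "10.20.0.11", "tcp", 1433),     # SCADA server replicates to IDMZ historian
    ("192.168.10.5", "192.168.20.30", "tcp", 502),   # SCADA polls a PLC
    ("10.10.5.7", "192.168.20.30", "tcp", 502),      # corporate host talking straight to a PLC
    ("10.20.0.10", "192.168.10.5", "tcp", 3389),     # RDP from the DMZ into the supervisory zone
    ("192.168.20.30", "192.168.20.31", "tcp", 502),  # PLC-to-PLC inside the control zone
    ("172.16.0.9", "192.168.10.5", "tcp", 22),       # source address in no defined zone
]


def zone_of(ip: str) -> str | None:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate_flow(src_ip: str, dst_ip: str, proto: str, port: int) -> tuple[str, str]:
    """Return (verdict, reason); verdict is ALLOW or DENY. Inter-zone traffic is denied
    unless a conduit explicitly permits it in that direction."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    if s is None or d is None:
        unknown = src_ip if s is None else dst_ip
        return "DENY", f"{unknown} belongs to no zone; every asset must be assigned one"
    if s == d:
        return "ALLOW", f"intra-zone traffic within {s}"
    for c in CONDUITS:
        if (c.src_zone, c.dst_zone, c.proto, c.port) == (s, d, proto, port):
            return "ALLOW", f"conduit {s} -> {d} {proto}/{port}: {c.purpose}"
    return "DENY", f"no conduit defined for {s} -> {d} {proto}/{port}"


def review_flows(flows):
    return [(f, *evaluate_flow(*f)) for f in flows]


if __name__ == "__main__":
    for flow, verdict, reason in review_flows(SAMPLE_FLOWS):
        print(f"{verdict:5} {flow[0]:>14} -> {flow[1]:<14} {flow[2]}/{flow[3]:<5} {reason}")
```

Two of the denials are the cases the section is about: a corporate host reaching a PLC directly, and an inbound session from the DMZ into the supervisory zone that no conduit authorizes. Run over a day of flow records from the zone boundary firewalls, the same function turns the written conduit list into a list of communications that need either a new, justified conduit or an investigation.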

Vulnerability and Configuration Management

Consistently Update Software

Organizations should always update their software—including operating systems, applications, tools, and firmware on IT network assets—in a timely manner to maintain a strong security posture. Prioritize patching known exploited vulnerabilities and critical software.

Consider using a centralized patch management system for OT networks and use a risk-based assessment strategy to determine the OT network assets and zones that should be a part of it.

Additionally, always run up-to-date antivirus software to keep malware from entering your network.

Implement Configuration Management Programs

These programs help track and mitigate emerging threats by regularly reviewing system configurations to find misconfigurations that could introduce security weaknesses and vulnerabilities.

Disable Unnecessary Ports and Protocols

Review your network security device logs and determine which ports and protocols are unnecessary and can be shut off.
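The review described above is mechanical once the device logs are in hand: count how often each allow rule is actually used over the review window and by how many distinct sources. The following is an added example, not code from the original post or from any firewall vendor: it parses a constructed key=value accept log, tallies usage per allow rule, and classifies each rule as a candidate to disable (never used), to narrow (used by a single source) or to keep. The rule names, log format and traffic are this example's assumptions.

```python
from collections import defaultdict

# Constructed: the firewall's current allow rules as {rule_name: (proto, dst_port)}.
ALLOW_RULES = {
    "allow-https": ("tcp", 443),
    "allow-ssh-admin": ("tcp", 22),
    "allow-ftp": ("tcp", 21),
    "allow-telnet": ("tcp", 23),
    "allow-dns": ("udp", 53),
}

# Constructed log excerpt in a key=value style, in chronological order. A real review
# window (say 30 days) would be far larger; the logic does not change.
FIREWALL_LOG = """
2022-02-01T08:00:01 action=allow rule=allow-https proto=tcp src=203.0.113.5 dst=10.0.0.10 dport=443
2022-02-01T08:00:05 action=allow rule=allow-dns proto=udp src=10.0.0.15 dst=10.0.0.2 dport=53
2022-02-02T11:30:00 action=allow rule=allow-ssh-admin proto=tcp src=10.0.0.50 dst=10.0.0.10 dport=22
2022-02-03T09:15:00 action=allow rule=allow-https proto=tcp src=198.51.100.7 dst=10.0.0.10 dport=443
2022-02-10T14:00:00 action=allow rule=allow-ssh-admin proto=tcp src=10.0.0.50 dst=10.0.0.10 dport=22
2022-02-12T16:45:00 action=deny rule=default-deny proto=tcp src=203.0.113.99 dst=10.0.0.10 dport=23
2022-02-15T10:00:00 action=allow rule=allow-dns proto=udp src=10.0.0.16 dst=10.0.0.2 dport=53
"""


def parse_log(text):
    """Turn each 'timestamp k=v k=v ...' line into a dict."""
    records = []
    for line in text.strip().splitlines():
        ts, *fields = line.split()
        rec = {"ts": ts}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def rule_usage(records):
    """Hits, distinct sources and last-seen time per allow rule; denied traffic is ignored."""
    usage = {name: {"hits": 0, "sources": set(), "last_seen": None} for name in ALLOW_RULES}
    for r in records:
        if r["action"] != "allow" or r["rule"] not in usage:
            continue
        u = usage[r["rule"]]
        u["hits"] += 1
        u["sources"].add(r["src"])
        u["last_seen"] = r["ts"]   # records are chronological, so the last hit wins
    return usage


def review_rules(records):
    """Classify each allow rule as DISABLE, NARROW or KEEP with a one-line justification."""
    out = {}
    for name, u in rule_usage(records).items():
        proto, port = ALLOW_RULES[name]
        if u["hits"] == 0:
            out[name] = ("DISABLE", f"{proto}/{port} saw no accepted traffic in the review window")
        elif len(u["sources"]) == 1:
            only = next(iter(u["sources"]))
            out[name] = ("NARROW", f"{proto}/{port} used only from {only}; restrict the rule to that source")
        else:
            out[name] = ("KEEP", f"{proto}/{port}: {u['hits']} hits from {len(u['sources'])} sources, last {u['last_seen']}")
    return out


if __name__ == "__main__":
    for name, (verdict, why) in review_rules(parse_log(FIREWALL_LOG)).items():
        print(f"{verdict:8} {name:16} {why}")
```

In the sample the FTP and Telnet rules never matched accepted traffic (the one Telnet attempt was dropped by the default-deny rule, which is the expected outcome), so they are the first candidates to remove; the admin SSH rule is only ever used from one management host and can be tightened to that address. A zero-hit rule can still be needed for an infrequent process such as a quarterly job, so confirm with the rule's owner before disabling it, and check the window covers at least one full business cycle.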

In Conclusion

Cybersecurity is always changing and adapting as hackers find new ways to penetrate systems and cause harm to business networks. Organizations should always adhere to the most up-to-date best practices to ensure they are fully protected against cyberthreats.

If you want to learn more about these threats or the cybersecurity solutions that can help you stay secure against them, contact a DOT Security expert today or learn more on our Insights Page.