NSA and CISA Top 10 Cybersecurity Misconfigurations

The NSA and CISA have released a Joint Cybersecurity Advisory covering common misconfigurations.


It makes for an interesting read and provides good mitigation advice and direction on how to remediate each issue. The Top 10 should come as no surprise to cybersecurity professionals, but it is rather depressing to see a list that could have been written five or ten years ago.

The paper includes a plea not only for network defenders to follow best practice, but also for software manufacturers to address common problems with their technology through secure-by-design and secure-by-default practices.

For those short of time the top 10 culprits are:

1) Default configurations of software and applications

2) Improper separation of user/administrator privilege

3) Insufficient internal network monitoring

4) Lack of network segmentation

5) Poor patch management

6) Bypass of system access controls

7) Weak or misconfigured multifactor authentication (MFA) methods

8) Insufficient access control lists (ACLs) on network shares and services

9) Poor credential hygiene

10) Unrestricted code execution

For those with a little more time on their hands, the full PDF can be found here: https://media.defense.gov/2023/Oct/05/2003314578/-1/-1/0/JOINT_CSA_TOP_TEN_MISCONFIGURATIONS_TLP-CLEAR.PDF

How can IT Security Locksmith help?

IT Security Locksmith provides the following services to help identify or address some of these common vulnerabilities and weaknesses.

1) Holistic assessment of your cybersecurity posture

2) Threat and Vulnerability Management Assessment

3) Privileged Access Management Assessment

4) Generic cybersecurity assessments - looking at how specific systems or applications are configured and maintained

5) Assessments covering several of the weaknesses above are best supplemented with a formal penetration test or red team exercise. IT Security Locksmith can assist if you need help identifying a suitable firm.

Get in touch!

If you have any questions about the services above please email: contact@itsecuritylocksmith.co.uk.