The United States and other countries released a cybersecurity alert May 17 with recommendations on how to prevent bad actors from infiltrating networks.
The U.S. Cybersecurity and Infrastructure Security Agency report says hackers typically gain access to networks by phishing and exploiting public-facing applications, trusted relationships, valid accounts and external remote services.
“Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system,” the warning said.
The report also gives recommendations for making networks more secure: control access; implement credential hardening; establish centralized log management; employ antivirus programs; employ detection tools and search for vulnerabilities; maintain rigorous configuration management programs; and initiate a software and patch management program.