As the end of the year approaches, it is crucial for individuals and businesses to take stock of their cybersecurity measures to ensure they are fully prepared for any new threats that may arise. One important step to take is to review access technology and ensure that phishing-resistant multifactor authentication is implemented in the environment. For businesses, using hardware-based multifactor authentication, such as PKI or FIDO, is recommended for added security.
Recent attacks have shown that attackers have targeted Cisco hardware and software in exploits across various incidents. The Cybersecurity and Infrastructure Security Agency (CISA) advises organizations to disable any services and technologies that are not explicitly being used in their environment. Additionally, taking extra steps to disable specific Cisco services can further enhance security measures. These steps include disabling Cisco’s Smart Install service, guest shell access, any non-encrypted web management capabilities, and enabling encrypted SSL connections for web servers. It is also important to only enable web management if absolutely necessary and to disable telnet while ensuring it is not enabled on any Virtual Teletype (VTY) lines.
It is worth noting that the threat landscape is constantly evolving, with threat groups supported by the People’s Republic of China targeting both government entities and businesses. In February of this year, CISA issued an advisory regarding the Volt Typhoon and the Advanced Persistent Threat (APT) group’s capabilities to target organizations and conduct pre-compromise reconnaissance.
Taking proactive steps to secure systems and data is essential in today’s digital age, where cyber threats continue to evolve and grow in sophistication. By staying vigilant and implementing robust cybersecurity measures, individuals and organizations can better protect themselves against potential cyber attacks and data breaches. As the year comes to a close, it is an opportune time to review and strengthen cybersecurity practices to safeguard against emerging threats in the coming year.