In today’s threat landscape, cybersecurity is not just an IT concern, it is a business imperative. With attacks becoming more sophisticated and frequent, organizations of all sizes must reassess their security posture. Even companies with significant IT investments can fall victim to breaches, due to overlooked vulnerabilities.
A prime example is the Ingram Micro ransomware incident, where one of the world’s largest IT distributors was forced to shut down systems across multiple regions. The attackers reportedly exploited internal vulnerabilities, resulting in widespread disruption. It is a reminder that even the best-known names in the Tech industry are not immune and neither is your organization.
At Movaci, our cybersecurity assessments consistently reveal the same three critical weaknesses across businesses whether they are large or small. The good news is these gaps are highly fixable when using the right approach. Let us explore what they are and how your organization can address them before attackers do.
1. Inadequate Multi-Factor Authentication (MFA)
The Issue
Despite the rising adoption of Multi-Factor Authentication (MFA), many companies still apply it inconsistently by limiting to administrator accounts or certain cloud platforms, while leaving other services unprotected.
The Risk
Relying on passwords alone is risky. They are often reused, weak, or exposed in breaches. A single compromised credential can give attackers unrestricted access to your network, systems, and sensitive data.
How to Fix It
Implementing Multi-Factor Authentication (MFA) across your organization is one of the most cost-effective ways to reduce the risk of an account compromise. Here is how it can be done effectively:
- Conduct a Full Account Audit: Identify all user accounts across your environment, including cloud platforms, remote access points, and third-party services.
- Standardize Multi-Factor Authentication (MFA) as a policy: Enforce Multi-Factor Authentication (MFA) through group policies or identity providers (like Cisco Duo or Microsoft Authenticator). Make it a non-negotiable requirement across departments.
- Prioritize High-Risk Entry Points: Begin by protecting email systems, VPNs, cloud apps, and admin tools. Then expand coverage to all internal services.
- Select Modern Authentication Methods: Use app-based Multi-Factor Authentication (MFA) (Cisco Duo or Microsoft Authenticator) or hardware keys (YubiKey) instead of SMS codes, which are vulnerable to interception and SIM swapping.
- Integrate Multi-Factor Authentication (MFA) with SSO: Streamline user access and reduce friction by integrating Multi-Factor Authentication (MFA) into your single sign-on (SSO) solution.
- Educate Employees: Communicate why Multi-Factor Authentication (MFA) is critical and provide easy to follow guides. Ensure help desk staff are prepared to support MFA related issues.
- Track Compliance: Monitor adoption rates and set up alerts for users without Multi-Factor Authentication (MFA) or with weak enrollment practices.
2. Outdated Systems and Missing Security Patches
The Issue
It is common to find outdated operating systems, unpatched software, or unsupported hardware, quietly running in the background forgotten but exposed.
The Risk
Unpatched vulnerabilities are a favorite entry point for attackers. Tools that scan the internet for these weaknesses are widely available and heavily used.
How to Fix It
Staying current with patches and updates is essential for reducing your organization’s attack surface. Here is a robust approach:
- Build A Comprehensive Asset Inventory: Know every device, OS, and application in your environment. Use asset discovery tools to uncover shadow IT or forgotten systems.
- Automate Patch Management: Use tools like Microsoft Intune, or third-party solutions (like ManageEngine) to schedule and push patches automatically.
- Categorize Systems By Criticality: Group systems based on the data they handle and their risk level to prioritize patching efforts.
- Establish Patching Service Level Agreements (SLAs): Define internal service level agreements. For example, apply critical patches within 48 hours and high severity patches within a week.
- Scan Regularly For Vulnerabilities: Use tools like Nessus, Qualys, or Rapid7 to perform regular vulnerability scans and prioritize remediation based on CVSS scores.
- Segment Or Isolate Legacy Systems: If you cannot replace a legacy system immediately, isolate it on a separate network, restrict internet access, and limit user access.
- Schedule Maintenance Windows: Coordinate regular update periods to avoid operational disruptions and encourage consistent patching cycles.
- Keep Firmware Updated: Include routers, firewalls, switches and IoT devices in your patch management plan. These are often overlooked and easily exploited.
3. Unmonitored or Misconfigured Backups
The Issue
Too many organizations take a “set it and forget it” approach to backups. Often, backup systems are misconfigured, incomplete, or left vulnerable on the same network as production systems.
The Risk
If your backups are encrypted, deleted, or corrupted during a ransomware attack, recovery becomes impossible. This can lead to extended downtime, data loss, and business disruption.
How to Fix It
A strong backup strategy is your insurance policy against ransomware, outages, and human error. The following can help increase the reliability of your backups:
- Follow the 3-2-1 backup rule: Maintain three copies of your data (primary + 2 backups), on two different media types (Tapes + Cloud), with one stored offsite.
- Use immutable backups: Choose backup solutions that support write-once, read-many (WORM) settings or time-based immutability to prevent tampering.
- Encrypt Your Backups: Ensure backup data is encrypted both in transit and at rest, using strong encryption standards.
- Test Restores Regularly: Schedule quarterly (or monthly) recovery tests to verify that backups can be restored quickly and completely. Include real-world scenarios like partial restores or cloud recovery.
- Monitor Backup Job Health: Set up logging and alerting for failed or incomplete backups. Use centralized monitoring tools to track backup performance over time.
- Restrict Access To Backup Systems: Use role-based access control (RBAC) to limit who can modify, access, or delete backups. Implement Multi-Factor Authentication (MFA) for administrative access to backup consoles.
- Set Appropriate Retention Policies: Balance long-term data retention requirements (e.g., for compliance) with storage costs. Ensure you are not inadvertently overwriting vital backups or forget to securely delete backups that are past their Retention Date.
Conclusion
Addressing these gaps is not just about checking boxes, it is about building organizational resilience. It is not IF but WHEN a Cyberattack happens and the severity of the Cyberattack will depend on how prepared you are. The more proactive your defenses are, the less damage an attacker can do.
If you are unsure where your vulnerabilities lie, now is the time to ACT! Not after an incident forces your hand. Contact Us today to schedule a free Cybersecurity Risk Assessment with Movaci to find out where your organization stands.