Unauthorised use of devices/networks
This attack refers to access to your device and/or network by third parties who have not been authorised. It may lead to sensitive data being compromised or stolen and/or potentially malicious software being loaded onto your computers or servers. The methods below help guard against it.
1. Protect user credentials and avoid storing any in plain text.
2. Set up Two Factor Authentication (2FA) and Single sign-on (SSO) to reduce the risk of passwords being stolen, and remove/suspend any accounts no longer in use.
3. Apply the principle of least privilege to user accounts.
4. Limit administrator accounts to a need-only basis, and ensure they are not used to check email or browse the web.
5. Ensure all devices on the network are patched with the latest release.
6. Utilise local firewalls on hosts to restrict unnecessary inbound and outbound traffic, e.g. by default block all inbound connections and use explicit permissions.
7. Use secure boot settings where possible.
8. Utilise network segregation such as isolating critical business systems.
9. Use network monitoring to detect events and record logs.
10. Implement a robust password policy.