We’ve noticed a concerning trend: threat actors are taking advantage of misconfigurations on various devices, such as PCs, laptops, and servers. In fact, according to Microsoft Cyber Signals’ latest report (August 2022), 80% of successful ransomware attacks are a result of misconfigurations.
This issue was brought to light recently when Microsoft itself fell victim to a data breach caused by a misconfiguration, resulting in the leak of 2.4TB of data. This highlights the importance of properly configuring devices to reduce the risk of exploitation by threat actors.
In response to this breach, Microsoft simply stated that the problem was caused by an unintentional misconfiguration on an endpoint. It’s no wonder that the recently released Government Cyber Security Strategy for 2022 to 2030 emphasizes the need for all public sector organizations to be resilient against cyber threats, including establishing Secure configurations across all public sector organizations as part of Objective 3: Protecting Against Cyber Attacks.
The government aims to significantly strengthen critical functions against cyber-attacks by 2025 and ensure that all government organizations in the public sector, including local government, are resilient to known vulnerabilities and attack methods by 2030. The National Cyber Security Centre (NCSC), which operates under the Government Communications Headquarters (GCHQ), developed the Cyber Assessment Framework (CAF) in 2018 to support the UK’s implementation of the European Union’s Network and Information Systems (NIS) Directive. Today, a significant number of UK providers of essential services are using the framework to help them improve cyber security. The governing bodies below will work closely to ensure that each public sector organization assesses itself against the CAF:
The Department for Levelling Up, Housing, and Communities (DLUHC) is the governing body responsible for local and central government, and is currently piloting the Cyber Assessment Framework (CAF).
To help manage data protection and security risks in the healthcare sector, the National Health Service (NHS) in the UK uses the Data Security and Protection Toolkit (DSPT) for the Cyber Assessment Framework (CAF). The CAF is developed and maintained by the National Cyber Security Centre (NCSC).
As part of the Government Cyber Security Strategy, organizations are advised to focus on establishing secure configurations of government productivity tools.
Government will work with its primary providers of productivity suites to further develop baseline security configurations for government organisations to follow and adapt. Doing so will ensure that all government organisations understand how to configure their productivity suites to provide a baseline level of cyber security, which will dramatically reduce common risks caused by misconfiguration.
We will focus on Secure by Design and Configuration, specifically:
- Cyber Assessment Framework (B4), governed by The Department for Levelling Up, Housing and Communities (DLUHC)
- Data Security and Protection Toolkit (DSPT), Critical Network Infrastructure (8.4), Secure by design and configuration (8.4.1 to 8.4.2), governed by NHS Digital
NHS DIGITAL – DSPT
- Your infrastructure should follow secure-by-design principles for optimal protection, including network topology and server hardening.
- Ongoing patching and configuration changes are necessary to maintain secure design principles.
- Secure by design should include appropriate skill sets, network segregation, simple data flow, recoverability, and content inspection.
- Secure configuration involves knowing configurable items, using baseline and last known good builds, managing change, validating software, white-listing software, and managing automated decisions.
CYBER ASSESSMENT FRAMEWORK – NATIONAL CYBER SECURITY CENTRE (NCSC)
- You securely configure the network and information systems that support the operation of essential functions.
Achieved: all the following statements are true.
- Actively manage and maintain security configurations, patching, and updates for assets that require careful configuration for maintaining the security of the essential function.
- Ensure all platforms conform to secure, defined baseline builds or the latest known good configuration version for that environment.
- Manage changes effectively in the environment, including secure and documented network and system configurations.
- Regularly review and validate network and information systems for expected, secured settings and configurations.
- Restrict software installation to permitted software only.
- Ensure standard users cannot change settings that would impact security or business operations.
- Ensure the operation of automated decision-making technologies is well understood and decisions can be replicated.
Gytpol Secure Configuration
Gytpol offers a comprehensive solution to address the misconfiguration issues that organisations face. Our solution provides a centralized view of all devices, ensuring that they are not misconfigured. With our solution, manual efforts are no longer necessary, saving time and resources. Our solution is robust and scalable, allowing organizations to quickly identify gaps and remediate them.
In particular, we understand the unique challenges that healthcare and public sector organizations face with stretched IT resources and budgetary restrictions. Our solution emphasizes actionable automation rather than actionable intelligence, enabling organizations to focus on their core business while we take care of their cybersecurity needs.
Examples of misconfigurations that our solution can address include:
- Risky default settings not changed
- Human errors in making configuration settings
- Exposed passwords
- Group policies not applied on endpoints
- Non-patchable vulnerabilities (when you cannot patch)
With Gytpol’s solution, your organization can have peace of mind knowing that all devices are configured securely and vulnerabilities are promptly remediated.
Gytpol: continuous detection and automatic remediation of misconfigurations on your devices without impacting business operations. No more costly and partial manual methods: Gytpol ensures your environment is hardened and your Group Policy/Intune is applied. Achieve security and ROI quickly with close to zero personnel cost.
Capabilities with Gytpol
- Validating existing policies (GPOs and Intune); currently, Microsoft doesn’t provide an ability to validate whether policies have been applied.
- Centralized visibility of endpoints, continuously detecting security misconfigurations and mapping them against the MITRE ATT&CK surface, providing insight on:
  - Curation of the vulnerability
  - Usage visibility at the device level to make an informed decision for remediation
- Reducing the attack surface: one-click remediation, zero impact with revert, auto-reapply and scheduling by computer groups, all in a matter of minutes. Currently, on average, it takes over 60 days to close security vulnerabilities. See https://gytpol.com/video/scheduling-a-remediation-for-a-group-of-devices-to-disable-tlsv1/
- Gytpol is also helping remediate zero-days, including Log4j (without patching!), Follina and PrintNightmare. Remember the devastating SMBv1 vulnerability behind WannaCry.
- Reducing Cost of Ownership through simplistic automation
- Reducing the time from detection to remediation (MTTR)
- Providing Continuous Compliance (CIS & NIST)
- Remediate non-patchable vulnerabilities
- Achievement Dashboard – quantify your risk reduction and time saved through automation
- Providing a concrete ROI
- Assisted organizations with access to NHS patient data and systems in meeting the Data Security and Protection Toolkit (DSPT) requirements for good data security practices
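The CAF statements above (conform to a defined baseline build, regularly validate settings) and the capabilities list (checking that a policy actually took effect on the endpoint, disabling TLSv1, the SMBv1 lesson, remediation with revert) come down to comparing an endpoint’s effective settings with a baseline. The script below is an added illustration, not Gytpol’s code or a Gytpol product feature; it assumes PowerShell 5.1 or later run as Administrator on Windows, and the baseline table is constructed for this example.

```powershell
# Added example (not Gytpol's code): compare an endpoint's effective registry settings with a
# defined baseline and optionally remediate, recording previous values so changes can be reverted.
# Assumes PowerShell 5.1+ run as Administrator; the baseline below is a constructed illustration
# covering items named on the page (SMBv1, TLS 1.0) plus UAC as a setting standard users must not change.
[CmdletBinding()]
param([switch]$Remediate, [string]$RevertLog = "$env:TEMP\config-revert.json")

$Schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Baseline = @(
    @{ Control = 'SMBv1 server disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name = 'SMB1'; Expected = 0 },
    @{ Control = 'TLS 1.0 server disabled'; Path = "$Schannel\TLS 1.0\Server"; Name = 'Enabled'; Expected = 0 },
    @{ Control = 'TLS 1.0 client disabled'; Path = "$Schannel\TLS 1.0\Client"; Name = 'Enabled'; Expected = 0 },
    @{ Control = 'UAC enabled'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'EnableLUA'; Expected = 1 }
)

$Revert = @()
$Report = foreach ($c in $Baseline) {
    # A missing value counts as drift: whatever the OS default is for an absent value
    # (on older builds SMB1 and TLS 1.0 are enabled), it is not what the baseline asks for.
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $before = ($null -ne $actual) -and ($actual -eq $c.Expected)
    $fixed = $false
    if (-not $before -and $Remediate) {
        # Keep the prior state (null = value did not exist) so the change can be reverted later.
        $Revert += @{ Path = $c.Path; Name = $c.Name; Previous = $actual }
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord
        $fixed = $true   # SMB and Schannel changes only take effect after a reboot
    }
    [pscustomobject]@{
        Control = $c.Control; Expected = $c.Expected; Actual = $actual
        Compliant = ($before -or $fixed); Remediated = $fixed
    }
}
if ($Revert.Count -gt 0) { ConvertTo-Json -InputObject $Revert | Set-Content -Path $RevertLog }
$Report | Format-Table -AutoSize
```

Run without -Remediate to report drift only; when -Remediate is used, the JSON file lists the previous values so that any change can be reverted.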
Gytpol was able to provide a Centre for Internet Security benchmark score for desktop builds, a key audit requirement, with a built-in check, according to the Head of Digital and Information Services at Mid Cheshire. Visit https://gytpol.com/resource/nhs-mid-cheshire-hospital-case-study/ for more information.
Why not get in touch to hear more about how Gytpol is helping organizations tackle secure configuration and achieve compliance against the CAF and DSPT.
You can sign up for your free Security Configuration assessment in one of the following ways:
- Reach out to [email protected] or via your trusted advisory account manager
- Register for a free trial here