The U.S. Cybersecurity & Infrastructure Agency (CISA) has added the use of single-factor authentication for remote or administrative access to its list of “Bad Practices” of exceptionally risky cybersecurity practices.
Single-factor authentications is a common low-security method of authentication that only requires matching one factor, such as a password to a username to gain access to a system.
CISA advises all organizations to avoid single-factor authentication. For organizations that support critical infrastructure, this method is especially dangerous.
Recent incidents have proved cyberattacks against critical infrastructure can have significant impacts on national security, economic stability, life, health, and safety of the public — all critical functions of the government and private sector.
The first bad practice on CISA’s list is the use of unsupported (or end of life) software in services of critical infrastructure organizations.
An example of this is the 2017 WannaCry incident — a global ransomware attack that spread through computers using Microsoft Windows.
About 300,000 computers around the globe and across almost every economic sector were impacted….
