Sourced From: CISA
CISA, the Cybersecurity and Information Security Agency, announced that it is creating a catalog of bad cybersecurity practices that pose great risks to organizations. The Executive Assistant Director, Eric Goldstein, stated that while there is extensive guidance on security “best practices”, more perspective is needed on “bad practices,” in order to prioritize the removal of critical risks.
To date, the catalog only contains two entries on exceptionally risky bad practices. They are:
- Use of unsupported (or end-of-life) software.
- Use of known/fixed/default passwords and credentials.
The Bad Practices catalog will continue to grow, as CISA adds to it. The catalog can be found here.