Matthew MacfadyenVice President of Cyber General Dynamics Information TechnologyHe said government agencies and organizations should be given priority. 4 Core Cybersecurity Practices To secure your environment, implement two-factor and multi-factor authentication, strengthen vulnerability and patch management, reduce your attack surface, and pursue proactive defensive cyber operations.
In an article published Wednesday on the GDIT website, he said agencies should “ensure that 2FA/MFA is applied from the top to the bottom of the technology stack (systems, applications, data)” and move to “passwordless, derived credentials, and/or phishing-resistant MFA.”
McFadden emphasized the importance of automated patch management in helping government agencies defend their network environments amid an increasing number of threats and vulnerabilities that can be exploited by adversaries.
“Automated patch management is critical for network devices, systems and applications. Striking a balance between stability and up-to-date security posture is a key metric for measuring whether an organization is taking vulnerability management seriously,” he added.
McFadden called on agencies to adopt Splunk and other visibility and analytics tools to centralize security telemetry and restrict access, and to deploy tools like Crowdstrike Falcon XDR to ensure point protection is in place across all assets.
“Make sure your application has cyber defense monitoring capabilities, which are your last line of defense against unpatched vulnerabilities,” he writes. “Ensure your web application firewall (WAF) and/or next-generation firewall (NGFW) are operating inline and actively defending against common attacks.”