One of my favorite movies is WarGames. If you haven’t seen it, stop reading immediately because I’m going to spoil it for you.
In the movie, David Lightman (played by Matthew Broderick) uses a technique called wardialing, where his computer dials every phone number in a given area to find a modem at the other end. David discovers a modem for a military supercomputer, aka WOPR (War Operation Plan Response, because everything needs an acronym). Once he's connected, he relies on easily guessable passwords, combined with knowledge of the developer's personal life (like the name of the developer's deceased son), to gain unauthorized entry.
Now, let's relate this to multi-factor authentication (MFA). If the military supercomputer had a form of MFA in place, David's knowledge of a password or personal details alone wouldn't have been enough. He would've needed another form of verification - be it a physical token, an SMS code, or a biometric form of ID - to gain access.
The ability to access corporate networks from anywhere in the world has revolutionized the way businesses operate. Employees can collaborate across continents, respond to client needs in real-time, and maintain productivity even when they can't physically be in the office.
Yet, this convenience poses a significant challenge: How can businesses ensure that the individuals accessing their networks remotely are who they say they are? You guessed it, MFA.
In the era of remote and hybrid work, network security is more vital than ever. Cyber professionals must not only protect data but also ensure secure access. Enter CIS Safeguard 6.4, which mandates MFA for remote network connections. This isn't just a password; it's an added security step, like a one-time code or biometric check. Building on the previous CIS Safeguard 6.3, which focuses on MFA for external applications, 6.4 further strengthens the network's defenses.
Why is CIS Safeguard 6.4 Crucial in Today's Context?
- The Surge of Remote Work:
The COVID-19 pandemic dramatically accelerated the adoption of remote work, transforming it from an occasional perk to a standard operating model for many organizations. This shift expanded the network perimeter, making MFA essential to ensure that every remote access point is secure.
- Diversified Threat Landscape:
With an increase in remote access points, threat actors have more potential entry points. MFA acts as an added barrier, making unauthorized access substantially more challenging.
- Safeguarding Sensitive Data:
For organizations handling sensitive data, any breach could result in severe financial and reputational consequences. MFA for remote network access ensures an added layer of protection for such critical data.
Implementation Considerations for Cyber Professionals:
- User Training:
While MFA enhances security, it also introduces an additional step for users. Proper training and clear communication regarding the importance and procedures of MFA can ease the transition.
- Scalable Solutions:
The MFA solution chosen should be scalable, considering the potential growth in the number of remote users and the array of devices they might use.
- Continuous Monitoring:
Implementing MFA is not a one-off task. Continuous monitoring and regular updates ensure that the MFA solution in place remains effective against evolving threats.
Here’s a link to the Account and Credential Management Policy Template for CIS Controls 5 and 6 provided free of charge from the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/account-and-credential-management-policy-template-for-cis-controls-5-and-6
Here’s some detail on this specific Control/Safeguard. If you want more detail, DM me.
CIS Control 6 – Access Control Management
Use processes and tools to create, assign, manage, and revoke access credentials and privileges for users, administrators, and service accounts for enterprise assets and software.
Implementation Group 1
CIS Safeguard 6.4 - Require MFA for Remote Network Access
Require MFA for remote network access