Bad Practices

9297005663?profile=RESIZE_400xCybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.

High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management decisions.  These practices can result in untenable risks to national security, the economy, critical infrastructure, and public safety.  Leaders at all organizations, and particularly those that support National Critical Functions, should engage in urgent conversations to address technology bad practices.

There is certainly no lack of standards, practices, control catalogs, and guidelines available to improve an organization’s cybersecurity.  While this body of guidance is invaluable, the sheer breadth of recommendations can often be daunting for leaders and risk managers.  Given the risk facing many nations’ critical infrastructure, as reflected by recent incidents, additional perspective is needed.  Putting an end to the most egregious risks requires organizations to make a concerted effort to stop bad practices.

The principle of “focus on the critical few” is a fundamental element of risk management. Based on the understanding that organizations have limited resources to identify and mitigate all risks it should also be an essential element of every organization's strategic approach to security.  Addressing bad practices is not a substitute for implementing best practices, but it provides a rubric for prioritization and a helpful answer to the question of “what to do first.”

As recent incidents have demonstrated, cyberattacks against critical infrastructure can have significant impacts on the critical functions of government and the private sector.  All organizations, and particularly those supporting designated Critical Infrastructure or National Critical Functions (NCF) should implement an effective cybersecurity program to protect against cyber threats and manage cyber risk in a manner commensurate with the criticality of those NCFs to national security, national economic security, and/or national public health and safety.  

CISA is developing a catalog of ‘Bad Practices’ that are exceptionally risky, especially in organizations supporting Critical Infrastructure or NCFs.  The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public.  Entries in the catalog will be listed on the CISA website as they are added.

  1. The use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies.
  2. Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and National Critical Functions is additionally dangerous and significantly elevates risk to national security, et al. This is also a dangerous practice.

While these practices are dangerous for Critical Infrastructure and NCFs, CISA encourages all businesses and organizations to engage in the necessary actions and critical conversations to address ‘Bad Practices.’

At Red Sky Alliance, we can help cyber threat teams with services beginning with cyber threat notification services, and cyber collection and analysis.  Our services will provide a list of “Good Practices” for all industry segments.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance