CertNZ (Computer Emergency Response Team New Zealand) is the government agency responsible for managing cyber security incidents and providing advice on how to stay safe online. Each year, they release a list of the top ten critical vulnerabilities identified in New Zealand. This blog post will look at the top 10 CertNZ critical controls and how ManageEngine solutions can help you mitigate these risks.

 

Phishing attacks

 

Phishing attacks are common method cybercriminals use to gain access to sensitive information such as login credentials, credit card details, and personal data. ManageEngine’s Password Manager Pro can help you combat phishing attacks by providing a secure way to store and manage passwords and enforcing password policies that can prevent users from using weak passwords that are easy to guess. Data Security Plus and DLP solutions help prevent data loss and protect real-time data. Hybrid AD and SIEM Solutions help with risk mitigation.

 

Remote desktop protocol (RDP) attacks

 

RDP attacks are brute force attacks where cyber criminals attempt to gain access to your network by guessing your RDP login credentials. ManageEngine’s Desktop Central and Access Manager solutions can help you mitigate the risk of RDP attacks by providing a secure way to manage and monitor remote desktop sessions.

 

Vulnerabilities in content management systems (CMS)

 

Content management systems such as WordPress and Drupal are popular targets for cybercriminals looking to exploit vulnerabilities in these platforms. ManageEngine’s Vulnerability Manager Plus can help you identify and remediate vulnerabilities in your CMS and provide insights into your organisation’s overall security posture.

 

Software vulnerabilities

 

Software vulnerabilities are flaws in software that cybercriminals can exploit to gain unauthorised access to your network. ManageEngine’s Patch Manager Plus can help you identify and patch software vulnerabilities before they can be exploited.

 

Internet of Things (IoT) devices

 

IoT devices such as smart TVs and home automation systems are becoming increasingly popular but can also be vulnerable to cyber-attacks. ManageEngine’s Network Configuration Manager can help you manage and secure your IoT devices by providing a centralised console for monitoring and configuring these devices.

 

Ransomware attacks

 

Ransomware attacks involve the encryption of your data by cyber criminals who demand payment in exchange for the decryption key. ManageEngine’s SIEM Log360 solutions help with alerts and workflow automation to mitigate the risks from threat vectors. RecoveryManager Plus can help you recover your data in the event of a ransomware attack and provide insights into how the attack occurred and how to prevent future attacks.

 

Malware infections

 

Malware infections can lead to data theft, system downtime, and other serious consequences. ManageEngine’s Endpoint Security solutions can help you detect and remove malware infections and provide real-time protection against future attacks.

 

Social engineering attacks

 

Social engineering attacks involve manipulating individuals to reveal sensitive information or perform actions that benefit the attacker. ManageEngine’s User Behaviour Analytics can help you identify and mitigate the risk of social engineering attacks by monitoring user behaviour and detecting anomalies.

 

Misconfigured cloud services

 

Misconfigured cloud services can expose your organisation to various cyber security risks, including data breaches and unauthorised access. ManageEngine’s Cloud Security Plus can help you identify and remediate misconfigurations in your cloud services and provide real-time monitoring and reporting on your cloud security posture.

 

Web application vulnerabilities

 

Cybercriminals can exploit web application vulnerabilities to access sensitive information or execute malicious code on your network. ManageEngine’s Endpoint Security solutions, like Browser Security solutions Application Firewall, can help you identify and block web application vulnerabilities and provide real-time protection against attacks.

In conclusion, the top 10 CertNZ critical controls highlight the importance of having a comprehensive cyber security strategy that addresses a wide range of threats. ManageEngine offers a range of solutions that can help you mitigate these risks and protect your organisation from cyber-attacks.

By using these solutions with best practices such as regular security assessments and staff training, your organisation’s cyber security controls and security posture can be aligned with CertNZ’s Top 10 critical controls.

 

Reach out to kris@bluechipit.co.nz and sales@manageengine.co.nz to learn how we can assist with our best-in-class comprehensive IT management security solutions and professional services by our regional experts/ consultants.

 

controls