CMMC: Why We Do It – Episode 1 “Shut the Front Door”

Understanding the Importance of Unauthorized Access Control

In the ever-evolving landscape of cybersecurity, safeguarding critical data from unauthorized access is paramount. Our recent webinar, “Shut the Front Door,” provided invaluable insights aimed at business leaders, operations executives, and IT managers within the government contracting community, emphasizing the necessity of robust access control measures and adherence to regulations like the FAR, DFARS, and NIST 800-171.

Key Takeaways from the Webinar

Distinguishing Authorized vs. Unauthorized Access

Understanding the difference between authorized and unauthorized access forms the foundation of cybersecurity. Unauthorized access not only leads to data breaches but can also result in significant financial losses and damage to an organization’s reputation.

Common Tactics Used by Attackers

Our experts highlighted various methods attackers employ to gain unauthorized access:

• Misconfigured Access Controls
• Social Engineering
• Physical Access

Consequences of Unauthorized Access

Using the Change Healthcare Breach as a case study, we discussed severe impacts of undetected, prolonged unauthorized access with stolen credentials.  The ransomware attack exposed files containing PHI or PII for millions of people and impacted the broader healthcare system. Many hospitals, doctors, and pharmacies faced significant operational disruptions, including delays in billing and prescription services.

The total financial impact of the breach could reach up to $1.6 billion, including the ransom payment, system restoration costs, and the financial support provided to affected healthcare providers

Attackers’ Unauthorized Access Playbook

Attackers usually follow a systematic approach:

1. Information Gathering from public sources.
2. Identifying Vulnerabilities.
3. Exploiting Human Factors (social engineering).
4. Avoiding Detection.
5. Establishing Persistence.
6. Exploring Sensitive Data.
7. Escalating Privileges.

Essential NIST 800-171 Control Families

Effective access control measures align with several NIST 800-171 control families, such as:

• Access Control
• Identification and Authentication
• Physical Protection
• Media Protection
• Maintenance

Implementing Practical Examples

Real-world applications of these controls were shared, including:

• Access Control: Role-based menus, session time-outs, and VPNs.
• Identification and Authentication: User accounts, passwords, and two-factor authentication.
• Physical Protection: Badge access systems, restricted areas, and visitor logs.
• Media Protection: Hard drive encryption, USB drive restrictions, and document shredding.
• Maintenance: Escorting maintenance personnel and controlling vendor access.

Conclusion

The initial defense against cyber threats is as simple as locking your digital front door. Implementing robust identity and access management practices is crucial for protecting critical data and maintaining organizational integrity.

Take Action: Enhance Your Cybersecurity Posture

Take the CMMC Readiness Assessment

Interested in bolstering your cybersecurity defenses?

• Watch the on-demand webinar, “CMMC: Why We Do It – Episode 1 Shut The Front Door”
• Contact Neosystems for personalized CMMC support

By taking these steps, you can equip your organization with the knowledge and tools needed to prevent unauthorized access and mitigate potential cyber threats. Do not wait—enhance your cybersecurity posture today with expert insights and assistance from Neosystems.

Unauthorized access as one of eight sets of threats that jeopardize information security and business continuity that we will explore.  Look for future articles in our series “CMMC, Why We Do It”.