The joint guidance is meant for public and private organizations in the EU, specifically CISOs and other decision makers. The document is also recommended for entities that support organizational risk management.
A total of 14 recommendations are outlined, and organizations have been advised to prioritize them based on their specific business needs.
The list includes the implementation of multi-factor authentication, avoiding the reuse of passwords to prevent credential stuffing attacks, ensuring that all software is up-to-date, limiting the access of third parties to internal networks and systems, hardening cloud environments, reviewing data backup strategies, and changing default credentials and disabling protocols that use weak authentication.
