https://www.logpoint.com/en/blog/logpoints-top-ten-mitre-attck-techniques/
And here is what your org can do about them:

| Focus Area | Recommendation | Severity | Implementation Difficulty |
|---|---|---|---|
| Security Awareness Training | Provide ongoing security training for employees and regularly test their understanding. | Medium | Easy |
| Patch Management | Regularly update and patch systems and applications to protect against known vulnerabilities. | High | Easy |
| Endpoint Protection | Implement antivirus, anti-malware, and EDR solutions to detect and prevent malicious activities. | High | Moderate |
| Network Segmentation | Segment the network to limit attackers’ lateral movement and reduce the attack surface. | Medium | Moderate |
| Backup and Recovery | Implement a robust backup and recovery plan to ensure the availability and integrity of critical data. | High | Moderate |
| Public-Facing Application | Update, patch, and employ WAFs to protect public-facing applications against exploits and attacks. | High | Moderate |
| Incident Response Plan | Establish a robust incident response plan and conduct regular tabletop exercises and security drills. | High | Moderate |
| Registry Modification Protection | Monitor registry changes, restrict access to critical keys, and implement backup/restore policies. | Medium | Moderate |
| Scheduled Task Management | Regularly review and audit scheduled tasks, and limit the creation of tasks to authorized users only. | Medium | Moderate |
| Privileged Access Management | Implement the principle of least privilege and monitor privileged account activities. | High | Hard |
| Multi-Factor Authentication | Implement MFA for critical systems, applications, and remote access. | High | Hard |