29 November, 2022
In the current digital landscape, cyber-attacks continue to grow in complexity and pose considerable threats to businesses across the board. Not only can cyber security incidents result in extended downtime for your business, but they can severely damage your hard-earned reputation, reduce your credibility within your industry, and result in the loss of your clients’ trust. This, in turn, may not only lead to a huge financial burden but could also bring about insurance and other regulatory implications for your organisation. Taking appropriate steps to actively mitigate the potential impact of a cyber-attack should therefore not be taken lightly.
While no single mitigation strategy is guaranteed to prevent all cyber security incidents, the Australian Cyber Security Centre’s (ACSC) Essential Eight (E8) are considered the top eight security controls that are most effective when it comes to mitigating cyber security incidents and making it harder for adversaries to compromise your systems.
There are three main objectives of the Essential 8:
- Preventing malware delivery and execution
- Limiting the extent of cyber security incidents
- Recovering data and system availability
01 Application Control
Also known as 'Application Whitelisting', application control allows for a pre-defined list of approved applications and application components to be authorised for use in your organisation. All unapproved programs, including malware, are blocked from executing, so they cannot gain access to or steal your data. It is recommended that the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets is prevented on your organisation's workstations from within standard user profiles and temporary folders used by the operating system, web browsers and email clients.
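To check how well this recommendation holds in practice, process-execution logs can be audited for the listed file types running from user profiles or temporary folders. The Python sketch below is an added example, not part of the original article; the log format, the extension mapping and the folder locations are assumptions.

```python
import ntpath
import re

# Assumed mapping from the file types named above to common Windows extensions.
BLOCKED_TYPES = {
    ".exe": "executable", ".com": "executable",
    ".dll": "software library", ".ocx": "software library",
    ".ps1": "script", ".vbs": "script", ".js": "script",
    ".bat": "script", ".cmd": "script",
    ".msi": "installer", ".msp": "installer",
    ".chm": "compiled HTML", ".hta": "HTML application",
    ".cpl": "control panel applet",
}
# Assumed default locations of user profiles and the OS temp folder (lower case).
RESTRICTED_ROOTS = ("c:\\users", "c:\\windows\\temp")
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) image=(?P<image>.+)$")

# Constructed sample log in an assumed format, not real telemetry.
SAMPLE_LOG = r"""
2022-11-29T09:14:02 user=alice image=C:\Users\alice\Downloads\invoice.hta
2022-11-29T09:15:40 user=alice image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
2022-11-29T09:17:11 user=bob image=C:\Windows\Temp\setup_8841.MSI
2022-11-29T09:20:33 user=bob image=C:\Users\bob\AppData\Local\Temp\..\..\..\..\..\Windows\System32\notepad.exe
2022-11-29T09:21:05 user=carol image=C:\Users\carol\AppData\Local\Temp\7z\helper.dll
"""

def classify(image):
    """Return the blocked file type if image would run from a restricted folder."""
    # Resolve ".." segments and fold case before comparing path prefixes.
    norm = ntpath.normcase(ntpath.normpath(image))
    kind = BLOCKED_TYPES.get(ntpath.splitext(norm)[1])
    if kind and any(norm.startswith(root + "\\") for root in RESTRICTED_ROOTS):
        return kind
    return None

def find_violations(log_text):
    """Return (user, image, file type) for executions the policy should block."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and (kind := classify(m["image"])):
            hits.append((m["user"], m["image"], kind))
    return hits

if __name__ == "__main__":
    for user, image, kind in find_violations(SAMPLE_LOG):
        print(f"{user}: {kind} executed from {image}")
```

Any hit in real telemetry means the application control policy either is not enforced on that workstation or has an exception worth reviewing.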
02 Patch Applications
Keeping client and server-based applications up to date is critical in staying proactive against cyber threats and software vulnerabilities. Downloading the latest updates for drivers and firmware is also vital in reducing the chance of a cybersecurity incident. Turning on automatic updates is a helpful feature to ensure this occurs in a timely fashion. Unpatched applications can be exploited by attackers and, in the worst case, enable an attacker to completely take over an application, access all information contained within it, and use this access to enter connected systems. It is recommended that patches, updates, or vendor mitigations (temporary workarounds) for security vulnerabilities on internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. It is also recommended that applications that are no longer supported and do not receive security fixes are not used within your organisation.
03 Configure Microsoft Office Macro Settings
Macros can be used to run automated malicious commands that could enable an attacker to download and install malware in your digital environment. Appropriately configuring Microsoft Office macro settings to block macros entering the network from the internet, or to block those that are embedded in documents from unverified sources, will reduce the risk of cybercriminals infecting your organisation with malware. It is recommended that only vetted macros, either in a ‘trusted location’ with limited write access or digitally signed with a trusted certificate, should be allowed to be executed. Macros should be disabled for users that do not have a demonstrated business requirement, the type of commands a macro can execute should be restricted, and the usage of macros within your organisation should also be monitored.
04 User Application Hardening
Disabling, or limiting, specific application features can play a key role in preventing cyber-attacks. Disabling Flash, limiting Java functions, blocking internet ads, and disabling any other unnecessary features on applications or web browsers will make it more difficult for attackers to successfully run commands to install malware.
05 Restrict Administrative Privileges
Limiting how privileged accounts (those with the ability to administer and alter key system and security settings) can be accessed and used is critical. Cyber-attacks will often focus on administrative accounts to gain greater access to your entire system and network. Limiting these administrative accounts to a bare minimum of staff with the appropriate requirements, and restricting them from checking email, downloading data, or accessing online services, is highly recommended. Requests for privileged access to systems and applications should be validated and approved by an appropriate delegate. Evaluating the privileged rights of your employees on a regular and periodic basis is also advised.
06 Patch Operating Systems
Attackers can exploit unpatched operating systems and, in the worst-case scenario, gain complete control over an application, with access to all its data and to other connected systems within your environment. It is recommended that patches, updates, or vendor mitigations for security vulnerabilities in operating systems of workstations, servers, and network devices are applied within one month of release. If there is a known security vulnerability, however, patching within 48 hours of its release is recommended. Enabling automatic patch updates is again recommended, and refraining from using old or unsupported operating systems is advised. Patching your computers provides an added layer of security against cyber threats.
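The patch timeframes given under Patch Applications and Patch Operating Systems can be checked against a patch inventory. The Python sketch below is an added example, not part of the original article; the record fields and the inventory are constructed, "one month" is approximated as 30 days, and the `urgent` flag stands for the 48-hour conditions described above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

URGENT_WINDOW = timedelta(hours=48)  # exploit exists / known vulnerability
WINDOWS = {
    "internet-facing": timedelta(weeks=2),
    "operating-system": timedelta(days=30),  # assumption: "one month" as 30 days
}

@dataclass
class PatchRecord:  # hypothetical inventory record
    asset: str
    kind: str                      # key into WINDOWS
    released: datetime             # when the patch or mitigation was released
    urgent: bool                   # 48-hour condition applies
    applied: Optional[datetime] = None
    supported: bool = True         # vendor still ships security fixes

def assess(rec, now):
    """Classify one record against the recommended patch timeframes."""
    if not rec.supported:
        return "unsupported"       # should not be in use at all
    deadline = rec.released + (URGENT_WINDOW if rec.urgent else WINDOWS[rec.kind])
    if rec.applied is not None:
        return "compliant" if rec.applied <= deadline else "patched-late"
    return "pending" if now <= deadline else "overdue"

def report(records, now):
    """Map each asset name to its status."""
    return {r.asset: assess(r, now) for r in records}

# Constructed inventory for illustration only.
NOW = datetime(2022, 11, 29, 12, 0)
INVENTORY = [
    PatchRecord("web-gateway", "internet-facing", datetime(2022, 11, 10, 9), False,
                applied=datetime(2022, 11, 20, 9)),
    PatchRecord("vpn-portal", "internet-facing", datetime(2022, 11, 27, 8), True),
    PatchRecord("file-server", "operating-system", datetime(2022, 11, 8), False),
    PatchRecord("hr-workstation", "operating-system", datetime(2022, 10, 11), True,
                applied=datetime(2022, 10, 20)),
    PatchRecord("legacy-crm", "internet-facing", datetime(2022, 1, 1), False,
                supported=False),
]

if __name__ == "__main__":
    for asset, status in report(INVENTORY, NOW).items():
        print(f"{asset}: {status}")
```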
07 Multi-factor Authentication
Multi-factor authentication plays a key role in keeping accounts secure, as it requires an additional level of verification when authenticating to your organisation’s internet-facing services, instead of solely relying on a password. Multi-factor authentication is the process of requiring two or more factors to authenticate access credentials for an account. For example, the first form of authentication is generally a password, followed by a time-sensitive code obtained from a soft key application, or sent to an email address or mobile phone.
08 Daily Backups
Backups of your important, new or changed data, as well as software and configuration settings, should be performed daily, retained in a coordinated and resilient manner in accordance with business continuity requirements, and retained for at least 3 months. The restoration process should be tested when the backup capability is initially implemented, then retested annually and whenever any IT infrastructure changes occur.
The Essential Eight Maturity Model provides a high-level indication of your organisation’s cyber security maturity (i.e., how prepared you are to deal with a cybersecurity incident). It is designed to assist organisations in implementing the E8 in a graduated manner and obtaining an understanding of where they sit on the maturity continuum.
There are four maturity levels when implementing the E8:
Maturity Level 0
Indicates your organisation is not aligned with the intent of the mitigation strategy, signifying there are weaknesses in your organisation's overall cyber security posture.
Maturity Level 1
Indicates your organisation is partially implementing the Essential 8 strategies and at the beginning of your cyber security journey.
Maturity Level 2
Indicates your organisation is mostly aligned with the intent of the mitigation strategy, though with some room for improvement.
Maturity Level 3
Indicates full implementation of all the Essential 8 strategies.
Ultimately, the goal is for your organisation to reach Maturity Level 3 for the best baseline protection against all types of cyber threats. Taking these security steps will greatly reduce the risk of a cyber incident impacting your business. Following these recommendations will also make it easier for your business to recover and continue your daily operations if you are ever the victim of a cyber-attack. While following this approach may require a reasonable investment of time and energy for your business, it is well worth the effort. These strategies should be viewed simply as part of doing business, to help your organisation navigate today’s technology landscape.
No matter where you are on your cybersecurity journey, we at CyberOps have the expertise to help your organisation move to the next level. In addition to assessing your cybersecurity and aligning it to your business priorities, we can help you develop resilient cyber solutions, assist with implementing them, advise on monitoring ongoing risks, and help you respond effectively to cyber incidents. Fundamental to that journey is getting the basics right, and that starts with bedding down the Essential 8.
Contact us to find out more.