The costs of cyber attacks and crimes are often significantly more expensive than taking preventative measures. For this reason, the Australian Signals Directorate published the Strategies to Mitigate Cyber Security Incidents in February 2017. The guidance details “prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents.” It also “addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’ and industrial control systems.”

 

While the publication includes many strategies to mitigate cyber attacks, it also named the “Essential Eight” mitigation strategies that will serve as a baseline to make organisations less prone to attacks. These can also save businesses time, money, effort and reputational damage compared to cleaning up after a compromise.

 

Once the Essential Eight mitigation strategies have been correctly implemented, a baseline cyber security posture can be achieved. Read on to learn about the strategies.

 

To prevent malware running:

  1. Application whitelisting* – A whitelist only allows selected software applications to run on computers. All other software applications are stopped, including malware.
  2. Patch applications* A patch fixes security vulnerabilities in software applications. Adversaries will use known security vulnerabilities to target computers.
  3. Disable untrusted Microsoft Office macros Microsoft Office applications can use software known as “macros” to automate routine tasks. Macros are increasingly being used to enable the download of malware. Adversaries can then access sensitive information, so macros should be secured or disabled.
  4. User application hardening Block web browser access to Adobe Flash player (uninstall if possible), web advertisements and untrusted Java code on the internet. Flash, Java and web ads have long been popular ways to deliver malware to infect computers.

 

To limit the extent of incidents and recover data:

  1. Restrict administrative privileges* Only use administrator privileges for managing systems, installing legitimate software and applying software patches. These should be restricted to only those that need them. Admin accounts are the ‘keys to the kingdom’, adversaries use these accounts for full access to information and systems.
  2. Patching operating systems* A patch fixes security vulnerabilities in operating systems. Adversaries will use known security vulnerabilities to target computers.
  3. Multi-factor authentication This is when a user is only granted access after successfully presenting multiple, separate pieces of evidence. Typically: Something you know, like a passphrase. Something you have, like a physical token. And/or something you are, like biometric data. Having multiple levels of authentication makes it a lot harder for adversaries to access your information.
  4. Daily backup of important data Regularly back up all data and store it securely offline. This way, your organisation can access data again if it suffers a cyber security incident.

 

* Strategies to mitigate targeted cyber intrusions

 

Big or small, no business is safe from the risk of cyber attacks and cybersecurity incidents. Consider implementing these strategies today, or contact Club IT to get professional advice on how to protect your organisation from cyber criminals.