Cyberattacks are more rampant than ever and, worse, they’re getting more devious.
All it takes is one breach to damage your business operations.
In the olden days of the internet, simple anti-virus software and a firewall were enough to fight off the bad guys. Now, you need to bring out the big guns and implement a mitigation strategy that can protect your data from cybersecurity attacks.
The Australian Cyber Security Centre (ACSC) created the Essential Eight framework to help organisations form an effective mitigation and prevention strategy against cyber security incidents. IT service providers encourage Australian businesses to implement this framework to make it difficult for cyber attackers to breach their systems.
The Essential Eight framework can help you survive minor and major cyber security incidents. In this article, we’ll walk you through the Essential Eight framework and how its controls play a role in your cyber security strategy.
Patches, otherwise known as software updates, are crucial in securing your IT environment. They “patch” known security vulnerabilities in applications and operating systems.
It’s important to understand that software evolves and new vulnerabilities are found all the time, and it's your responsibility to keep up with them.
Software vendors are responsible for ensuring that their products follow business-grade security and sending out patches promptly to protect their users. It is your responsibility to install those patches.
Once patches are available, install them immediately.
Patches will lessen the level of cyber threats.
Implementing application controls prevents malicious applications from running within your IT systems.
With application control, you create an allow list for specific applications that are required to conduct your business. Everything else, good or bad, gets blocked. This will prevent unwanted applications like worms, malware, and trojans from wreaking havoc. On the other side, you can also set a list of applications you only want to run in the network.
If implemented correctly, you will have fewer chances of a data breach from infected applications (especially if they're downloaded from untrusted locations).
But application control is a big task and needs careful consideration of which applications to block and which to approve. Remember, it will block everything, not just the bad stuff.
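The sketch below is an added example, not part of the original article or of any ACSC tooling. It shows a dry run of a default-deny allow list over observed application launches, so you can see what enforcement would block before turning it on. The file names, paths and contents are constructed, and matching on SHA-256 hashes is an assumption about how the allow list is keyed.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for the contents of real executables.
SAMPLES = {
    "accounting.exe": b"constructed-accounting-app-v1",
    "browser.exe": b"constructed-browser-v1",
    "pdf-tool.exe": b"constructed-unapproved-but-benign-tool",
    "invoice.scr": b"constructed-untrusted-download",
}

# Allow list: hashes of the applications the business has approved.
ALLOW_LIST = {
    sha256_hex(SAMPLES["accounting.exe"]),
    sha256_hex(SAMPLES["browser.exe"]),
}

# Constructed launch log: (path, file contents) for each observed execution.
EVENTS = [
    (r"C:\Program Files\Acct\accounting.exe", SAMPLES["accounting.exe"]),
    (r"C:\Program Files\Browser\browser.exe", SAMPLES["browser.exe"]),
    (r"C:\Tools\pdf-tool.exe", SAMPLES["pdf-tool.exe"]),
    (r"C:\Tools\pdf-tool.exe", SAMPLES["pdf-tool.exe"]),
    # Named like an approved application, but the contents differ.
    (r"C:\Users\sam\Downloads\accounting.exe", SAMPLES["invoice.scr"]),
]

def decide(content: bytes) -> str:
    """Default deny: anything whose hash is not on the allow list is blocked."""
    return "allow" if sha256_hex(content) in ALLOW_LIST else "block"

def audit(events):
    """Dry run: count, per path, the launches that enforcement would block."""
    blocked = Counter()
    for path, content in events:
        if decide(content) == "block":
            blocked[path] += 1
    return blocked

if __name__ == "__main__":
    for path, count in audit(EVENTS).most_common():
        print(f"would block {count}x  {path}")
```

The benign but unlisted `pdf-tool.exe` shows up in the report alongside the untrusted download, which is the decision the paragraph above asks you to make before enforcing: approve it or accept that it will stop working.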
Hackers use a variety of applications to gain access to your system. The favourite ones are web browsers, Microsoft Office, Adobe, and Java.
You can mitigate these attacks by setting up controls on how applications can run on your system. This is what application hardening is all about.
Application hardening works by limiting an application’s functionality on a computer. The network admin can configure various aspects of the application from system access to user control. This mitigation step is critical in stopping malware from deploying.
Start by sifting through your most used applications along with their features.
Then, determine which features are critical to your operations and which are not.
Next, find out which users need applications like Adobe Flash and Java, and strictly limit them to that group to lower your risks.
Once set, review your application hardening tasks from time to time because threats may find software vulnerabilities you may not be aware of.
Talk to your IT team or Managed Service Provider about penetration testing and IT health assessment.
Microsoft Office macro settings
Macros are powerful tools that can automate repetitive tasks. A macro is a series of coded commands used to improve one’s productivity.
Although this sounds great, macros, especially dodgy ones, can contain malicious code that may put you at risk of a cyber security breach right under your nose. Attackers can easily trick users (especially the non-techy ones) into using these infected macros, allowing them to hack into your system.
Office macros are sly, and you must be clever to keep the untrusted ones from infecting your network.
One of the most effective things you can do as part of the Essential Eight mitigation strategy is to run Microsoft Office macros only from trusted locations (in case one or two of your operations require macros to execute tasks) and disable all the other unused macros.
Operating system hardening
Operating systems, similar to applications like Microsoft Word and Adobe Photoshop, need hardening for a similar reason: to “patch” any security vulnerabilities in applications and operating systems.
If your operating system is outdated, you are vulnerable to cyber-attacks. And if this happens, you're letting hackers take advantage of your IT.
It's important that you install the patches immediately once your software vendor releases them. If you're using Windows, go to Windows Settings, then click on Update and Security. From there, you can check whether you're up to date or whether any updates are available. Also, remember to restart your computer frequently, as that will trigger new updates or complete pending ones.
You also have the option to turn on automatic updates to ensure you always get the latest updates without checking your Windows Settings.
Restrict admin privileges
Restricting admin privileges is critical in effectively mitigating and preventing cyber attacks on your IT system.
When organisations set up their IT, they typically set it up much like their hierarchy.
Decision-makers typically get more privileges than interns. Not everyone in the company should have easy access to confidential business information, and allowing it can pose risks to your operations. One of those is leaving you vulnerable to cyber attacks like ransomware.
Be careful about who you grant system admin privileges to. Once you bestow admin access on a user, you’re allowing them to gain entry to your company’s most important asset.
After granting admin privileges, systematically keep track of each grant and, from time to time, validate whether the access is still appropriate for the user to carry out their duties. If it is, retain it. If not, remove their access privileges.
It’s best to schedule this task every quarter or six months.
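One way to run that periodic review is shown below as an added example that is not from the original article: it reconciles the accounts that currently hold admin rights against a register of approved grants. The account names, dates and register format are constructed, and the 90-day interval is an assumption standing in for the quarterly schedule.

```python
from datetime import date, timedelta

# Assumption: "every quarter" is treated as 90 days.
REVIEW_INTERVAL = timedelta(days=90)

# Constructed register of approved admin grants: account -> date last validated.
APPROVED = {
    "it.admin": date(2024, 5, 20),
    "ops.lead": date(2024, 1, 10),
    "former.contractor": date(2024, 4, 1),
}

# Constructed snapshot of the accounts that hold admin rights right now.
CURRENT_ADMINS = {"it.admin", "ops.lead", "intern.temp"}

# Constructed review date.
TODAY = date(2024, 6, 30)

def review(approved, current, today):
    """Reconcile actual admin membership against the approved register."""
    findings = {"remove": [], "revalidate": [], "stale_register": []}
    for account in sorted(current):
        if account not in approved:
            # Holds admin rights that were never approved.
            findings["remove"].append(account)
        elif today - approved[account] > REVIEW_INTERVAL:
            # Approved, but the last validation is older than one interval.
            findings["revalidate"].append(account)
    for account in sorted(set(approved) - set(current)):
        # Still listed as approved although the rights are gone.
        findings["stale_register"].append(account)
    return findings

if __name__ == "__main__":
    for action, accounts in review(APPROVED, CURRENT_ADMINS, TODAY).items():
        print(f"{action}: {', '.join(accounts) or 'none'}")
```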
We cannot stress enough how many cyber-attacks were stopped because of multi-factor authentication.
Hackers have their ways of obtaining your login credentials. They can even buy your logins on the Dark Web. And since that is the case, you need several layers of protection to keep attackers from getting into your data.
Multi-factor authentication is a control created to prevent unauthorised individuals from accessing your device, accounts, or network. It is typically known as one of the last layers of defence against attacks since it makes it much more difficult for hackers to access your data.
The ACSC included multi-factor authentication in the Essential Eight for fighting cyber security incidents because of its effectiveness in stopping attacks that use compromised login credentials, which is the number one way hackers gain access these days.
As mentioned previously, hackers have their ways of obtaining your login credentials, and if you use the same logins on all your other online accounts, they can easily hack through those as well without hassle. With multi-factor authentication, even if you use the same logins on other accounts, your data is still protected because of the added layer of protection that will verify whether it is you attempting to log in to your account or not.
We know how inconvenient it is to type a series of codes after logging in, but this is a small sacrifice to make to protect your data.
Talk to your IT team or Managed Service Provider about running system diagnostics to check if multi-factor authentication is set up on all your online corporate accounts.
Regular data backup
If the other seven Essential Eight controls fail, your backups will be your saving grace.
If your systems get compromised, you can replace all damaged files with your backup to get back up and running in no time. Ultimately, having a backup will reduce the damage to everything from your reputation to your profit.
It’s best to establish and maintain a backup strategy to keep a copy of your files in a safe place, so if ever you’re under attack (especially ransomware), you can grab your backup anytime and set up your environment as if nothing happened.
It’s best to talk to your IT team or Managed Service Provider about your backup strategy. Clarify what data you need to back up, how frequently you make a backup, and who gets access to those backups.
Does your organisation comply with the ACSC's Essential Eight Mitigation Model?
Finishing this article brings you one step closer to a stronger cyber security strategy. You now have a clear understanding of how each control of the Essential Eight Model can protect your business from major or minor cyber incidents.
If you're looking to improve or implement a cyber security solution in your Australian business, you've come to the right place!
Get in touch with us to see how our cyber security experts can help you implement the Essential Eight model into your business and improve your IT security for the better.