Cyber Security Lessons from Abroad – Australia’s Essential Eight


Cyber risk affects businesses all over the world, so it’s no surprise that countries have developed their own individual mitigation strategies to help combat this threat. But businesses can apply many of these strategies to their organisations to improve their overall cyber security posture, regardless of the geography that they are operating in.

A good example is the Essential Eight, created by the Defence Signals Directorate, the cyber security arm of the Australian Department of Defence (DoD). Designed to prevent the spread of malware, limit the extent of security incidents and support data recovery, the Essential Eight is a collection of best-practice recommendations that businesses can use to bolster their security protocols against attacks online.

The Essential Eight recommends the following actions to prevent malware from executing:

  • Application whitelisting: Creating a list of approved applications that are authorised to run within a system, automatically turning off untrusted operations.
  • Patching applications: Frequent security updates and patches to applications can prevent known vulnerabilities from causing problems, boosting overall cyber defences.
  • Disabling untrusted Microsoft Office macros: Disabling untrusted macros can prevent attackers from using them to download and use malware – a growing threat.
  • Application hardening: Uninstalling, or at least blocking access to, Adobe Flash Player, along with blocking untrusted Java code, can help prevent data and applications from being manipulated.

And the following to limit the impact of a breach and aid data recovery:

  • Backing up data on a daily basis: Regularly backing up data can ensure that important information can be restored quickly and efficiently in a worst-case scenario.
  • Patching operating systems: Operating systems can fall victim to vulnerabilities if they are not regularly patched. 
  • Restricting administrative privileges: Users should only be granted access to the data and applications that are crucial for the role that they are performing, and only those who handle tasks like system management or software installation should be granted these privileges.
  • Multi-factor authentication: Where useraccess to data or systems is subject to multiple forms of identification, such as entry of a unique code, passwords, fingerprint scans or other biometric data.

Used concurrently, these rules can help businesses prevent and mitigate the potential impact of cyber attacks. Importantly, the DoD proactively evolves the guidelines to keep pace with the ever-evolving cyber threat, ensuring that they remain applicable both now and in the future. 

Although each of these measures play important roles in helping organisations identify vulnerable assets and set appropriate defences for their networks and applications, there are two specific steps of the Essential Eight that stand out from the rest: whitelisting applications and restricting administrative privileges.

Application whitelisting

By creating a list of applications that are pre-authorised to be used on devices within a system, organisations can alleviate the potential risk of malware infecting a device, since operations that aren’t contained within the list will automatically be turned off.

Application whitelisting can be particularly useful when deployed by the users who are most likely to be the victim of a cyber attack, such as senior management, system administrators or those who have access to more sensitive data – often those who work in HR or finance departments. 

Enforcing application whitelisting across a company can seem like a daunting task, but the benefits of doing so for high-risk users far outweigh the time and effort required to do so. 

To execute application whitelisting, businesses should:

  1. Pinpoint the applications that are necessary for everyday operations and authorise these to be used across all systems.
  2. Implement a framework and rules to guarantee that only those applications which are on the pre-approved list can be executed.
  3. Maintain and update this framework regularly by using a change management programme.

Application whitelisting should not replace any antivirus or security software that is already being used within an organisation. Instead, it should complement this software by protecting data and lessening the number of vulnerabilities that may be present within the system.

Restricting administrative privileges

In addition to whitelisting, organisations can better secure their networks by restricting admin privileges solely to those who need the ability to change parts of a network or computer system. 

Company-wide admin privileges may be seen as a way of increasing user flexibility, since each individual is able to adapt their devices to suit their own needs, adding applications and changing settings as they please. 

But if this activity is left unsupervised, malicious attackers can more easily infiltrate and infect entire systems by compromising just one device, potentially causing catastrophe across a network. 

Removing this privilege from users who do not need it can bolster network security by eliminating this potential vulnerability. It can also create a more stable network environment, making problems easier to identify and fix, since only a limited number of users will be able to circumvent security settings and make changes to the system. 

Restricting admin privileges can be done by:

  1. Identifying which tasks require admin privileges.
  2. Authorising users for whom admin privileges are necessary.
  3. Creating separate accounts for those users who need admin privileges, whilst ensuring that they only have the admin privileges necessary for their roles.
  4. Regularly reviewing which accounts have access to admin privileges, updating and removing users and privileges when appropriate.

To further improve the effectiveness of removing admin privileges, those who have access to these accounts should be prevented from accessing programs which could pose a potential cyber security risk, such as web browsers or email applications. Separate accounts should always be created for these tasks. 

By following the guidance laid out in Australia’s Essential Eight, and by focusing particularly on application whitelisting and admin right restrictions, global organisations can better mitigate the risk and impact of cyber attacks. 

About the author: Kevin Alexandra is principal technical consultant in Avecto’s Boston office, where he acts as senior escalation engineer for all Avecto Defendpoint deals in North America. Kevin is also a technical account manager providing dedicated one-to-one support to a multi-national consumer goods corporation operating Avecto’s solution.

Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles "https://ift.tt/2ShkTpX"

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more