Strategies to mitigate cyber security incidents
There were over 67,000 cybercrime reports in the 2020-21 financial year in Australia. The majority of these affecting small to medium sized businesses who are most at risk, with limited resources to prioritise effective IT. As a result, the Australian Cyber Security Centre (ACSC) has prioritised developing strategies to combat these incidents.
The introduction of a clear cyber security framework is designed for businesses and IT companies as a reference, for the implementation of better protection measures against cybercrime. The most effective of these are known as the Essential Eight. Designed to protect internet connections as well as cloud services, enterprise mobility and other operating systems.
The Essential Eight
Application Whitelisting/Application Control
Arguably the most important control strategy on the entire list. Application whitelisting prevents the execution of malicious programs and applications on your network. By whitelisting your safe applications, the network will automatically identify any unknown code that is trying to target you.
Application Patching
A patching process involves testing, acquiring and installing code changes on your computer systems and applications. These repairs update and secure your computers, mitigating vulnerabilities. Weaknesses in your systems are often targeted by manual attacks however, recently automated attacks have also increased in frequency.
Most software vendors will provide updates and patches to publicly identified and known vulnerabilities. However, it’s ideal to patch before a particular weakness is made known to the public to maximise safety. Furthermore, there are instances where developers do not patch or update software as it is no longer supported. In these cases it is recommended to identify and implement a supported software with similar functionality.
Configure Office Macros
Files are a common source of malicious code and malware. For example, the sending of a compromised word document titled ‘Financial Summary 2021’. Microsoft has safeguards in place to mitigate this with anti-virus systems that scan documents, as well as notifications upon opening providing a security warning.
Application Hardening
An end-point system is a remote computing device that communicates with a network to which it is connected. For example, a desktop or smartphone. The ACSC recommends hardening these points by locking down, uninstalling and disabling uneccasry features and applications. By doing so, the ‘surface area’ with which attackers can exploit is significantly reduced. This also helps businesses better and more easily manage updates, reducing time and money spent.
Restrict Administrator Privileges
Admin accounts are essentially the keys to the entire application and/or network. So it makes sense to lock down users into the specific roles and requirements they operate within. Many attacks seek to pish key login details form organisations. By limiting individuals accounts access, comprimisation risk is greatly reduced.
Patch Operating Systems
Vulnerabilities in operating systems can be exploited far further than other applications and software. Patching computers and network devices with extreme risk vulnerabilities within 48 hours is absolutely key to reducing risk.
Multi-Factor Authentication
Multi-factor also known as 2-Factor creates an extra step for authorising access to systems. This extra step creates an additional security security barrier making it far more difficult for attackers to access sensitive information and systems. The ACSC recommends applying a multi-factor authentication to access points within the organisation, especially where critical systems are concerned.
Daily Backups
According to a recent survey, only about 9% of users backup their data daily with over 20% never backing up key information. The ability to recover business information and data is an important part of cyber security risk mitigation. In the event of attack, infection, system crashes, hardware failures or complete destruction, a quick and complete recovery should be possible remotely. The recommendation here is to configure incremental or differential back ups of relevant new/changed data, software and configuration settings inclusive of an offsite or disconnected storage. Ideally such a set up would be complete with a data retention period of at least 3 months.
The Essential 8 Maturity Model
To help organisation’s with the implementation of the Essential 8, the ACSC has identified four maturity levels. From 0 – 3 these levels are based on mitigating increasing levels of adversary tradecraft (tools, tactics, techniques and procedures) and capabilities. Simply put, the maturity levels are the effort and skill attackers possesses. An organisation needs to consider these maturity levels in conjunction with the likelihood and desirability they are targeted by adversary hackers when.
Maturity Level Zero
There are weaknesses in the overall cyber security perimeter. Attackers with the resources and tools of level one and below below can compromise confidential data and systems integrity.
Maturity Level One
Adversaries with minimal tradecraft and resources usually seeking an opportunity rather than a target. Using publicly available exploits, vulnerable systems and common social engineering techniques to gain entry and launch malicious applications.
Maturity Level Two
A modest step-up in capability, these adversaries spend more time on a target as well as the effectiveness of their tools. Generally using similar techniques to a Level One, however spending far more time, money and effort in their attacking attempts.
Maturity Level Three
The highest level of attacker doesn’t require public exploits and are much more adaptive. They can target even the slightest of weaknesses in cyber security perimeters, exploiting and bypassing security controls. Once gaining access, they seek privileged credentials and pivot to other parts of the network whilst continually covering traces of their activities.
