I want to get serious about cyber security but where to start?
3/11/20, 9:00 am
Technology now enables us to push beyond human boundaries. It also means we face increased malicious use of technology against us. There are many businesses out there that don’t see cyber security as a top priority. Ignorance leads to successful attacks, ranging from taking down company infrastructure and stealing company data to tricking payroll into sending company funds. The pandemic of 2020 has seen a rise in cyber attacks. More businesses are realising that securing their data and their staff is a top priority.
Cyber attacks can come in various forms and threat actors are getting more creative in their actions. How can businesses begin to protect themselves? The Australian Signals Directorate (ASD)’s Essential Eight provides the stepping stones to lowering the risk of cyber attacks. These mitigation strategies are the foundation for protecting systems against a range of adversaries. Of course, applying only one or two strategies is no guarantee of preventing an attack. Applying all eight strategies should be the baseline for businesses.
The Essential Eight are mitigation strategies that all businesses should adhere to. Following these will give any business a solid starting defence against cyber attacks.
1. Application control
Prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host) and installers.
2. Microsoft Office Macro Settings
Block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
3. Patch Applications
Patch / mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours and use the latest version of applications, e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers.
4. User Application Hardening
Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
5. Restrict Admin Privileges
Restrict administrative privileges to operating systems and applications based on user duties. Regularly re-validate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
6. Multi-factor Authentication
Increase security for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
7. Patch Operating Systems
Patch / mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
8. Daily Backups
Back up important new / changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Mitigation strategy implementation
To help businesses prioritise the Essential Eight, the ASD have guidelines on what strategies to implement first. This will allow for good planning and execution when starting a project to assist with their implementation.
As stated by the ASD, the suggested implementation order of the mitigation strategies is as follows:
1. Targeted cyber intrusions and other external adversaries who steal data.
2. Ransomware denying access to data and external adversaries who destroy data and prevent computers / networks from functioning.
3. Malicious insiders who steal data such as customer details or intellectual property.
4. Malicious insiders who destroy data and prevent computers / networks from functioning.
The Essential Eight is a great offering for businesses to start securing their property and data but this is not where it ends. Businesses should also be reviewing the existing security controls within the ISM (Information Security Manual). The Essential Eight is just a minimum and therefore the ISM will provide the strategies necessary to take cyber security to another level.
How NEC can help implement these strategies
NEC houses a range of talented engineers and analysts who understand that cyber security is a top priority. Utilising a range of tools, platforms and services from multiple vendors, NEC can assist in implementing, managing and maintaining services that adhere to the strategies of the Essential Eight baseline, lowering the threat risk in any environment.
Today NEC has customers using many services, for example, server management where strategies such as the restriction of administrative privileges, the frequent patching of operating systems and daily backups of each server and environment take place. VPN services are another example where customers are utilising Multi-Factor Authentication (MFA) to access multitenant VPN tunnels. NEC’s customer-managed environments are secured and accessed via encrypted endpoints. These endpoints require MFA for access, each user’s account only has the necessary privileges for their individual role, and all systems are up to date.
Internally, NEC utilise a range of risk mitigation strategies with:
- Multi-factor authentication for system and application authentication.
- Application hardening via group policies.
- Application controls via endpoint protection suites installed across the fleet.
SIEM systems also give full visibility of each endpoint. This allows the security team to have insights within our environments whilst applying and correlating threat intelligence against all events.
Start defending your business today; do not wait until it is too late. Remember the Essential Eight.
Jason Gilliham
Cyber Security Lead
jason.gilliham@nec.com.au