If cyber attackers can get into our country’s foremost cyber defence agency, the Australian Signals Directorate (ASD), they can definitely get into your organisation’s systems. This week we look at the ‘Essential 8’ strategies for securing your business, as outlined by the ASD.
Cyber-attacks are on the rise, and if your defences aren’t fortified, you are leaving your critical systems vulnerable. To decrease the chances of a cyber-attack, and to mitigate the effects if systems are affected, the ASD put together a list of 8 essential strategies for organisational cyber protection. Let’s walk through each strategy, the effects of not following it, and how to implement it within your business.
To guard against malware download and attacks
1. Execution of only whitelisted applications
A common way that malware gets into your systems is through someone unwittingly downloading a .exe file that is simply malware masquerading as something else, that is the expected software but includes a malware component, or that is a valid software product with exploitable vulnerabilities that haven’t been fixed.
To guard against these types of exploits, you need to do a software stocktake. Take a look at all the software programs used across your organisation. Once you’ve compiled the list, you can determine which are used often, are produced by reputable companies, and are updated regularly. These programs will form your whitelisted applications. This may include applications such as the MS Office suite, Adobe Photoshop, Eclipse, VLC, etc.
Once you’ve compiled the list, these are your “safe” applications. Should your employees wish to add new whitelisted software to the list, you will need to do a risk analysis first – and have procedures in place for this process.
This way, any incoming files from the web or email that don’t conform to one of these applications’ file types can be blocked or quarantined.
For instance, there are tricks used to disguise executable (.exe) files as other files, e.g. .jpg. If your devices can’t run these file types, you are protected.
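The check described above, as an added Python example that is not part of the original article: it quarantines an incoming file when its type is not on the allow-list, when its content does not match its extension, or when it carries a Windows executable header under any name. The allow-list, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

# Assumed allow-list (not from the article): extensions opened by whitelisted
# applications, mapped to the leading bytes a genuine file of that type has.
ALLOWED_TYPES = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",  # Office Open XML is a ZIP container
}


def is_windows_executable(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header that points at a 'PE' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def triage(filename: str, data: bytes) -> str:
    """Return 'allow' or 'quarantine: <reason>' for one incoming file."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    if is_windows_executable(data):
        return "quarantine: executable content"
    if ext not in ALLOWED_TYPES:
        return "quarantine: file type not on allow-list"
    if not data.startswith(ALLOWED_TYPES[ext]):
        return "quarantine: content does not match extension"
    return "allow"


def sample_pe() -> bytes:
    """Constructed sample: just enough header bytes to look like a PE file."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    samples = {  # constructed inputs, not real attachments
        "holiday.jpg": sample_pe(),  # executable renamed to .jpg
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(16),
        "report.pdf": b"%PDF-1.7\n",
        "setup.exe": sample_pe(),
    }
    for name, data in samples.items():
        print(f"{name:12} -> {triage(name, data)}")
```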
2. Automatic application patching
For your whitelisted set of applications, you need to enable automatic patch updating across the board. Many patches are released specifically to address a discovered software vulnerability.
For instance, this Adobe Acrobat and Reader update from January was to “address critical and important vulnerabilities”. If your applications aren’t up to date with their patches, you are at risk.
Thankfully, you can configure your systems to automatically install authorised patches.
3. Hardened browser and application security
When we are looking at how systems become infected, a lot of the time, it’s through browser vulnerabilities. Just downloading Chrome/Firefox/Safari alone isn’t going to cut it. You need to take steps such as disabling Flash and Java and using HTTPS by default. There are also additional plugins such as ad blockers, tracker notifiers and Google results threat rating systems that can be used to beef up browser security.
There are other steps you can take, such as preventing users from adding additional browser plugins, banning certain domains or certain countries’ websites, deleting cookies on exit, and more.
Similarly, you can turn off “features” of installed applications, such as OLE in MS Office, or disable installation of plugin apps from their specific app store ecosystems.
4. MS Office Suite macro disabling
A concern that went away for a while, but returned with a vengeance recently, is MS Office macro payloads that cause damage to systems. It’s recommended that you disable macros within your MS Office suite applications for this reason. In some cases, this may not be an option, for instance if you are creating Excel VBA macros for data transformations. However, you can configure macros to be disabled on files not created or owned by users within your workgroup.
Microsoft has recently introduced measures to tackle this specific problem within their applications. However, it pays to double down on security.
To restrict the effects of a cyber-security incident
5. Automatic operating system patching
Just as vendors can discover vulnerabilities in your applications, vulnerabilities can also be discovered in operating system software. Enable automatic patching for operating systems to keep your systems up to date with the latest in security.
You also need to make sure to patch any network devices via firmware updates. This includes routers and switches, and if you’re using smart devices in the office, their updates need to be rolled out automatically too.
6. Multi-factor authentication (MFA)
Two-factor authentication (or higher, depending on data/systems sensitivity) is a must for all systems access to your local network. Do you want your employee to be able to work from home sometimes? Yes. Do you want someone else gaining access to your systems because they stole her password? No.
The additional factor can be something such as a Google Authenticator code, a code sent by SMS, a secret question, etc.
Multi-factor authentication is recognised as one of the Essential 8’s easiest and quickest steps to significantly increase the security of your network.
7. Restricted administrator roles and access controls
Too many cooks spoil the broth. And too many administrators can be a security vulnerability. Limit administrator accounts to those who really need them and document the reasons why. Review administrators and reasons on a regular basis.
People with administrator access should only be using this access for administrator tasks. They should have a separate regular user account for emails, other applications, web browsing, etc.
Automating administrative and user account removal upon a person’s exit from the company should be on your to-do list.
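One way to run the administrator review described above, as an added Python example that is not part of the original article: it cross-checks the members of an admin group against a register of documented reasons and the current staff list. All account names, the register layout and the 90-day review interval are assumptions constructed for illustration.

```python
from datetime import date

REVIEW_INTERVAL_DAYS = 90  # assumed cycle; the article only says "regular"

# Constructed sample data: documented owner and reason for each admin account.
ADMIN_REGISTER = {
    "adm-jlee": {"owner": "jlee", "reason": "Server patching",
                 "last_review": date(2024, 5, 1)},
    "adm-mchan": {"owner": "mchan", "reason": "",
                  "last_review": date(2024, 5, 1)},
    "adm-rpatel": {"owner": "rpatel", "reason": "Backup operator",
                   "last_review": date(2023, 11, 1)},
}
# Constructed sample data: who currently holds admin rights, and who is employed.
ADMIN_GROUP = ["adm-jlee", "adm-mchan", "adm-rpatel", "adm-old", "tnguyen"]
ACTIVE_STAFF = {"jlee", "mchan", "tnguyen"}  # rpatel has left the company


def audit_admins(admin_group, register, active_staff, today):
    """Return {account: [issues]} for every admin account that needs action."""
    findings = {}
    for account in admin_group:
        issues = []
        # Admin rights belong on a separate account, not the everyday one.
        if account in active_staff:
            issues.append("everyday user account holds admin rights")
        entry = register.get(account)
        if entry is None:
            issues.append("not in admin register")
        else:
            if not entry["reason"].strip():
                issues.append("no documented reason")
            if entry["owner"] not in active_staff:
                issues.append("owner has left: remove account")
            if (today - entry["last_review"]).days > REVIEW_INTERVAL_DAYS:
                issues.append("review overdue")
        if issues:
            findings[account] = issues
    return findings


if __name__ == "__main__":
    report = audit_admins(ADMIN_GROUP, ADMIN_REGISTER, ACTIVE_STAFF, date(2024, 6, 1))
    for account, issues in report.items():
        print(f"{account}: {'; '.join(issues)}")
```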
Data access and backups for incident recovery
8. Daily backups
What happens if something bad gets into your system and wreaks havoc? You’d better have a clean backup to roll back to. That’s why daily backups of new information (added to your existing information) are critical. Keeping snapshots of your systems and data ensures that if they are locked, damaged, or deleted, they are recoverable.
Be aware that attacks can also try to infect your backups. Your safest bet is backing up to an entirely different system that disconnects from your networks. Having a secondary backup system (as opposed to just one) also reduces your risk of backup targeting.
Business cybersecurity is complex, diverse, and ever-changing
These are just the essential 8 components of a wider list of 35 strategies to help stop the threat of cyber incidents. Cybersecurity is as important for your business as a lockable front door for a retail store – but far more complex.
Outsourcing your company’s cybersecurity implementation and maintenance is a clever course of action for SMBs and even large enterprises who don’t wish to have a dedicated cyber team as part of their workforce. At A1 Technologies we are experienced in best cyber security practices, processes and systems management for our customers. It’s our job to make sure that you are protected. Get in touch today to ensure the maturity of your business’s cyber-defence.