+61 2 9270 0666

Get your security on track with the Essential Eight cyber strategy

Essential Eight Cyber Strategy

There’s a ton of different ways to implement a cyber security strategy these days. Various vendors and suppliers have their own products and methods. With all the choices out there, the Essential Eight cyber strategy is a good place to start.

With the Essential Eight, you’ll get a at least a starting point as a basis for your cyber security strategy. Fortunately, it’s easy to implement, it’s not going to break the bank and it will co-exist with other cyber security strategies.

The Australian Signals Directorate’s cyber security teams have developed the Essential Eight program. The Essential Eight is a baseline strategy that your business can deploy as a starting point to mitigate against cyber incidents.

What is the Essential Eight Cyber Strategy?

The essential eight is a set of initiatives that you can implement within your business. Once you’ve deployed the Essential Eight, it’s going to make it harder for the ‘Bad Actors’ to get access to your environment from the outside.

The Essential Eight strategies are:

  1. Application white listing
  2. Application patching
  3. Microsoft Office macro configuration
  4. Application hardening
  5. Restricting administration privileges
  6. Operating system patching
  7. Multi-factor authentication
  8. Daily backups

To implement many of the ASD’s initiatives, you may not need to put in a lot of effort. You may have the tools or skills in house today.

You can get more detail on the Essential Eight from the Australian Signals Directorate website.

Application Whitelisting

Application white-listing allows a configured list of applications to run within your environment. It’s a basic premise that anything that’s not in the white list is blocked and can’t run.

Application white listing essentially stops the execution of unknown applications dead in their tracks. Chances are that if you don’t know what an application is you don’t want it to be running on any machine.

This will trap most malware, ransomware and command and control agents.

The chart below show the number of reports infections from malware. These numbers are based on reports by Australian Internet Security Initiative members. This data is updated daily and can be found on the ASD website.

Cyber Security Malware Statistics - Essential Eight Cyber Strategy

To implement application whitelisting you need to build a list of approved, or trusted, applications that you run within your business. This includes all the EXE, DLLs and scripts across your platforms.

It can be a bit of a task to identify absolutely everything. Once you’re done, you are going to need a process built into your Change Management functions to maintain the list and keep it up to date.

Enforcing the whitelist can be done through Active Directory, some anti-virus applications, such as Trend Micro, and other next-generation endpoint security products like Palo Alto’s Traps.

Application Patching

Keeping you applications patched and updated should be high on your priority list. Security vulnerabilities within your applications are a risk that your IT team should be able to easily manage.

Security vulnerabilities in applications can be used to execute malicious code on systems.

Applications that you should be patching don’t just include your core business apps. You should also maintain the most secure versions of your web browsers, Microsoft Office, Adobe Reader and Java. That’s on a short list though. You’ll likely have many more.

Application vulnerability details are often released by the application vendor.

For any applications that you have that are end of life or not longer supported by a vendor, the ASD recommends, as so do we, to upgrade or replace the application with one that is supported.

Deploying the latest patches for your applications is going to vary from vendor to vendor. Oftentimes, IT teams find it difficult and time consuming to patch applications. It could also be expensive for some companies to deploy a central system for managing the deployment and upgrade of applications.

These are hurdles you need to find a way to overcome. You may need to source a 3rd party provider to help you with your patching regime.

Your applications are important and your staff uses them every day. You should find a way to keep them up to date if you don’t have one already.

Microsoft Office Macro Configuration

Microsoft Office macros have long been a sneaky, and effective, way of delivering malware.

Over time, Microsoft has changed the way macros are handled with in its Office suite and applications like Word and Excel.

The simple fix is to disable the running of Macros through Microsoft Office for documents that have been sent via the Internet.

Taking it that little bit, the ASD recommends tightening up controls to only allow macros to run from documents stored in trusted locations, such as you’re own environment.

Locking down the use of Office macros should be considered. Sometimes, this isn’t practical. You may need to share macro enabled documents with your clients and suppliers.

At the very least, the ASD recommends that you lock down your Office macros so that your staff are prompted to allow the macros to execute each time.

To marry up with the Maturity Level 1, the ASD recommends that you lock down your systems to prevent any staff from changing the security settings permanently on their systems.

Like application whitelisting, securing and locking down the use of macros through Microsoft Office can be handled with Intune or Group Policy.

User Application Hardening

You’ll find many security vendors citing the human element as the weakest link in the cyber security chains. Sometimes people are gullible, don’t pay full attention or simply don’t know any better.

Hardening applications on desktops and laptops will go along way to reducing this risk.

With the Essential Eight, locking down applications that your staff are using, such as web browers is simple but smart thing to do.

To start, you want to block Flash from running in our browser by default. Disabling ads and Java on the Internet can help with attacks from malicious sites. You can read about drive-by attacks here.

On the desktop side, see what you can do for each of your applications. For Microsoft Office you can disable unneeded features such as Object Linking and Embedding (OLE).

Restricting Administrator Privileges

Sure, this one sounds pretty simple but you might be surprised to learn how many user accounts in your business have elevated rights.

In a recent review of one prospect’s Active Directory, we found 112 Domain Administrators. 8 of those were from staff that had recently left and 52 were external contractors.

Giving people more access to systems and data than they need to do their jobs poses a very real security threat. With the right level of access, compromised accounts can be user to corrupt or exfiltrate data.

You can implement various policies around access control that should outline who has access to the various systems and data you have. An Access Control Policy will also detail what roles and access that your IT teams need to build to protect your business without hampering your staff from carrying out their daily tasks.

The Essential Eight Cyber Strategy Says Patch Your Operating Systems!

Again, another no-brainer directive from the ASD here. This is advocated by everyone. Even so, many businesses who think they are patching their systems are often out of date.

The Essential Eight cyber strategy has various levels of risk that should be guarded against depending on the system.

For example, any systems that are deemed as an ‘extreme risk’ to the business if they were compromised should have their operating systems patched within 48 hours of any vulnerability that has been identified.

Our advice is to review your patching policy. While the ASD might suggest you patch your systems withing 48 hours of an ‘extreme risk’ vulnerability, sometimes this isn’t practical.

Make sure you patching policy includes what to patch, when and how often.

Deploy Multi-Factor Authentication

With the rapid take up of cloud applications and a work from anywhere philosophy, you need a new approach to information security. A simple username and password combination is no longer enough to protect your data.

Credential harvesting attacks are increasing. The media is full of articles about password theft.

The risk of using simple username/password combinations is that people often use the same password in multiple locations.

By implementing a second factor to control access to applications and data, you are making it so much harder for those bad actors to access your systems and data.

Perform and Check Your Backups Daily

It should go without saying that every business should be backing up their data regularly.

Backups, stored in a different location, are one of the best securities of data loss and corruption.

Make sure you are backing the data you need as often as required. Also, make sure you test regularly that you can recover the data you’ve backed up.

Are You Ready for the Essential Eight Cyber Strategy?

It’s likely that you’ll be able to get started on implementing the ASD’s Essential Eight within you environment today.

You should be patching all your systems, you should have regular backups of your data. If you don’t, it’s easy to start now.

Some of the Essential Eight might prove challenging or you many not have the resources or expertise to implement the strategies. If you need help, advice or some help to get you started in the right direction, let us know.

     

    ITConsult designs, implements and supports IT environments for Australia‘s medium-large organisations through a portfolio of business IT solutions. Navigating technology today can be a minefield and everyone seems to have an agenda.

    If you'd like to have a good old fashioned talk about what might work for you, please get in touch for an obligation-free, over the phone chat.

    Related Posts

    • Office 365 Email Security
      The Facts on Office 365 Email Security

      Out of the box, Microsoft's Office 365 email security provides some good levels of protection around basic spam and malware filtering. If you want something…

    • Office 365 Security Best Practices
      Office 365 Security Best Practices

      Even though Microsoft's Office 365 is an easy-to-use platform, securing your data in the cloud is not that simple. Implementing a few Office 365 security…

    • Using shortcuts in Teams can save you heaps of time. Download our handy guide for Microsoft Teams keyboard shortcuts to improve your productivity

    • 5 ways to protect against identity attacks with Multi-Factor Authentication

      Conventional authentication policies that depend on usernames and passwords alone are no longer secure. As our data evolves, the way we protect access to that data needs to change. Identity attacks are the easiest way into your systems. As we move data from a complete on-premise environment to cloud applications and hosted services, the perimeter of your security footprint has moved. Poor authentication practices are #2 in the list of security risks published by OWASP. Confirmation of your staff’s identity is critical to protect against authentication-related attacks. Cyber criminals know about the security challenges you face. They are actively finding ways to trap your staff into handing over credentials. They are also relying on people’s tendency to re-use passwords everywhere. Often, they’ll use the same password across their work and personal accounts. Here are 5 ways an attacker could gain access to your systems if you only have username and password authentication. There’s no doubt that someone is trying these attacks on your business right now. #1 Broad-based phishing campaigns Why are phishing emails still the number one way of gaining access to someone’s credentials? Simply, the numbers are in their favour. After all this time they are still effective.

    • Office 365 Security Best Practices

      Even though Microsoft’s Office 365 is an easy-to-use platform, securing your data in the cloud is not that simple. Implementing a few Office 365 security best practices can at you’ll have your data in a safer place than it was yesterday. Office 365 is constantly evolving with new features being added every month. Keeping on top of your security posture is critical. Out of the box, Office 365’s settings for data security are fairly weak. We’ve seen organisations that have been in a far worse position than they thought when it came to cloud security. By modernising their security, many business are incorporating a zero trust methodology. This helps to secure sensitive data and improve their ability to defend against modern cyber threats. Office 365 can form part of that zero trust framework if security is planned right. To help get your business in a better position, we’ve put together a list of our top Office 365 security best practices. We aim to configure these principles for all our clients. By implementing this list, we’re sure that your data will be safer and you’ll be back in control. Office 365 Security Best Practices Start With Your Password Policy Password policies

    • Office 365 Email Security

      Out of the box, Microsoft’s Office 365 email security provides some good levels of protection around basic spam and malware filtering. If you want something more substantial that will suit your business, it’s most likely that you need to look at 3rd party products to fill the gap. The Office 365 suite isn’t a one-site fits all platform. Microsoft have built the platform with all it’s tools as a great starting point. In many cases, adding 3rd party products can enhance the functionality and security than the uplift that Microsoft would charge for similar services. You will need to plan your strategy to help thwart the security attacks on your Office 365 email. Industry pundits are already suggesting that phishing scams will be more of a problem than hacking or ransomware. When you’re moving your business to the cloud, managing all the security requirements adds another layer of complexity and consideration. It’s important to make sure you know what you need and what you are getting. What’s in the box with Office 365 Exchange Online Protection? Exchange Online Protection (EOP) includes a lot of features that you would expect in many on-premise email filtering platforms. With Office 365, the included

    • Microsoft Azure Cloud

      Building a hybrid cloud environment just got a whole lot easier. Are you ready for tried and proven way of given your applications fast access to on premise data and replicating to the cloud for DR? Enter NetApp Cloud Volumes. It’s true that you can outsource infrastructure, applications and services through various as-a-service programs. You can’t outsource the responsibility you have for your business data. Your business data must be secured, protected and managed. Now, you can implement a single, cohesive data fabric that is geared for performance. With this single data fabric that stretches from on-premise to the cloud, you can maintain control of your data and still attached a myriad of as-a-service resources. We’ve found that progressive business need to: Migrate workloads seamlesslyImplement unified data management across your on-premise and Azure cloud environmentsDeliver cost-effective data protectionStand up DR and Backup up to Azure cloudImplement consumption-based cost savings through the cloud NetApp Cloud Volumes ONTAP for Azure provides a data storage solution that is flexible enough to fit nearly any requirement. You can implement NetApp Cloud Volumes disaster recovery, DevOps and test environments through to cloud-based applications and file services. NetApp Cloud Volumes can help you minimize your storage

    Level 1, 237 Mona Vale Road
    St Ives NSW 2075 Australia

    Phone: +61 2 9270 0666

    PO Box 731
    St Ives NSW 2075 Australia

    © 2024 The IT Consultancy Group Pty Ltd. All Rights Reserved.

    Privacy Policy | Disclaimer | Acceptable Use Policy | Fair Use Policy