Cybersecurity attacks have real impacts on Australian businesses, which is why the 2021-22 Federal budget includes over $42 million for security of Australia’s critical cyber infrastructure and to help business operators deal with major cyber attacks.
As businesses look to strengthen cybersecurity, increasingly they’re adopting the ‘Essential 8’ security strategies prescribed by the Australian Cyber Security Centre (ACSC), which are mandatory for many Australian Government agencies. These measures cover prevention, damage limitation and data recovery, mitigating all common cybersecurity threats reported to the ACSC.
Here’s a summary of the Essential 8, the potential pitfalls of operating without these measures in place, and some of the solutions we implement to align Forsythes Technology clients with the Essential 8 strategies.
Application Control
Application control prevents the execution of unapproved or malicious programs, including .exe files, DLLs, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers, so that only approved applications can run and malicious code is blocked.
Over 30 billion emails are sent daily with malicious .exe attachments, accounting for around 20% of all malicious emails. With suitable application control measures in place, these threats are neutralised.
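To show what application control looks like on a Windows endpoint, here is an added PowerShell example (not code from the original article or from Forsythes Technology). It builds an AppLocker allow-list from the directories that hold approved software, so executables, DLLs, scripts and installers outside those rules are blocked, tests a file against the policy before enforcing it, and then applies it. The approved directories, the output path and the test file are assumptions.

```powershell
# Added example (not from the original page): build an AppLocker allow-list from the
# directories that hold approved software, check a file against it, then apply it.
# Requires a Windows edition with the AppLocker module (Enterprise/Education or Server)
# and an elevated session. Enforcement also needs the Application Identity service.

Import-Module AppLocker

$approvedDirs = @('C:\Program Files', 'C:\Program Files (x86)')   # assumed approved locations
$policyPath   = 'C:\Temp\applocker-policy.xml'                     # assumed output path

function New-AllowListPolicy {
    param([string[]]$Directories, [string]$OutFile)

    # Collect publisher and hash information for executables, DLLs, scripts and installers.
    # Scanning large directories recursively takes a while; run it once, not on every logon.
    $fileInfo = foreach ($dir in $Directories) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
    }

    # Prefer publisher rules (signed files) and fall back to hash rules for unsigned ones.
    # Once a rule collection (Exe, Dll, Script, Msi) contains rules, AppLocker blocks
    # everything in that collection that no rule allows.
    $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
        Out-File -FilePath $OutFile -Encoding utf8
}

function Test-FileAgainstPolicy {
    param([string]$PolicyFile, [string]$FilePath)
    # PolicyDecision is Allowed, Denied or DeniedByDefaultRule.
    (Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $FilePath -User Everyone).PolicyDecision
}

New-AllowListPolicy -Directories $approvedDirs -OutFile $policyPath

# Dry run: a file outside the approved directories (e.g. a downloaded installer) should be denied.
Test-FileAgainstPolicy -PolicyFile $policyPath -FilePath "$env:USERPROFILE\Downloads\setup.exe"

# Apply locally and make sure the Application Identity service is running, or nothing is enforced.
Set-AppLockerPolicy -XmlPolicy $policyPath
Start-Service -Name AppIDSvc
```

Start with each rule collection's EnforcementMode set to AuditOnly in the generated XML and review the AppLocker event log (Applications and Services Logs > Microsoft > Windows > AppLocker) for a few weeks before switching to Enabled; that audit period is where you discover the line-of-business tools that were installed outside the approved locations. Across a fleet the policy is distributed through Group Policy rather than run per machine.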
Patch Applications
Patch applications (e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers), patch or mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours, and use the latest version of applications, so that security vulnerabilities in applications cannot be used to execute malicious code on systems.
Recent surveys show that around one in three cyber breaches are caused by unpatched applications, and less than 50% of organisations successfully deploy patches to these vulnerabilities within one week.
Configure MS Office Macro Settings
Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate, so Office macros cannot be used to deliver and execute malicious code on systems.
In 2016, the ‘Locky’ ransomware attack sent around 500,000 emails with an attached Microsoft Word document containing malicious macros. Once the document was opened and the macros enabled, the Locky virus launched, encrypting files and demanding 1 bitcoin in ransom. Computers in the USA, Canada and Australia were the most targeted in the attack.
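The two macro controls described above map onto Office policy registry values, and the same values can be read back to audit a machine. The following PowerShell script is an added example (not code from the original article or from Forsythes Technology): it sets the values for Word, Excel and PowerPoint in the current user's policy hive and then reports whether each setting is compliant. The Office version key `16.0` and the list of applications are assumptions; in a domain you would push the same values through Group Policy and keep only the audit part.

```powershell
# Added example (not from the original page): set and audit the per-user Office policy
# values that implement "block macros from the internet" and "allow only signed macros".
# The version key 16.0 (Office 2016/2019/2021/365) and the application list are assumptions.

$officeVersion = '16.0'                   # assumed
$apps = 'Word', 'Excel', 'PowerPoint'     # assumed scope

# Desired values:
#   VBAWarnings = 3                        -> disable all macros except digitally signed ones
#   blockcontentexecutionfrominternet = 1  -> block macros in files carrying the Mark of the Web
$desired = @{ VBAWarnings = 3; blockcontentexecutionfrominternet = 1 }

function Get-SecurityKey([string]$App) {
    "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$App\Security"
}

function Set-MacroPolicy {
    foreach ($app in $apps) {
        $key = Get-SecurityKey $app
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $desired.Keys) {
            Set-ItemProperty -Path $key -Name $name -Value $desired[$name] -Type DWord
        }
    }
}

function Test-MacroPolicy {
    # One object per application/setting with a Compliant flag, suitable for fleet reporting.
    foreach ($app in $apps) {
        $key = Get-SecurityKey $app
        foreach ($name in $desired.Keys) {
            $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Application = $app
                Setting     = $name
                Expected    = $desired[$name]
                Actual      = $actual              # $null means not set: Office defaults apply
                Compliant   = ($actual -eq $desired[$name])
            }
        }
    }
}

Set-MacroPolicy
Test-MacroPolicy | Format-Table -AutoSize
```

A value that is absent rather than wrong is the common finding: Office then falls back to "disable with notification", which is exactly the yellow-bar prompt the Locky documents relied on users clicking through. Trusted locations are governed by separate values under the same `Security\Trusted Locations` key and should be reviewed alongside these.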
User Application Hardening
Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet, disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers, so that Flash, ads and Java cannot deliver and execute malicious code on systems.
Without limiting what applications are allowed to do, a system’s attack surface is larger and therefore at higher risk of sustaining a cyberattack. Much like application control, application hardening is an ongoing process of review and optimisation.
Limiting the Damage
Restrict Admin Privileges
Restrict administrative privileges to operating systems and applications based on user duties, regularly revalidate the need for privileges and don’t use privileged accounts for reading email and web browsing so adversaries cannot use these accounts to gain full access to information and systems.
System administrators have the most privileged accounts on computer systems and networks, so a malware infection or account hijacking with administrator privileges carries the most catastrophic level of risk, both financially and operationally.
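Revalidating privileges is easier when it is a repeatable check rather than a manual review. The following PowerShell script is an added example (not code from the original article or from Forsythes Technology): it compares the local Administrators group against an approved list and flags enabled admin accounts that look like forgotten setup leftovers. The approved names and the domain prefix are assumptions; `Get-LocalGroupMember` and `Get-LocalUser` need Windows 10 / Server 2016 or later.

```powershell
# Added example (not from the original page): revalidate local Administrators membership
# against an approved list and flag admin accounts nobody appears to use.
# Approved names below are assumptions; replace them with your own groups.

$approvedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account; should be disabled or renamed separately
    'CORP\Domain Admins',                # assumed domain group
    'CORP\Workstation-Admins'            # assumed dedicated admin group
)

function Get-UnapprovedAdmins {
    param([string[]]$Approved)
    # Each member has Name (DOMAIN\name), ObjectClass (User/Group), SID and PrincipalSource.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, SID, PrincipalSource
}

function Test-AdminAccountHygiene {
    # Enabled local accounts in Administrators that never logged on or whose password
    # never expires: typical leftovers that a revalidation should question.
    $adminSids = (Get-LocalGroupMember -Group 'Administrators').SID
    Get-LocalUser | Where-Object {
        $_.Enabled -and
        ($adminSids -contains $_.SID) -and
        ((-not $_.PasswordExpires) -or ($null -eq $_.LastLogon))
    } | Select-Object Name, LastLogon, PasswordExpires
}

$unapproved = Get-UnapprovedAdmins -Approved $approvedAdmins
if ($unapproved) {
    Write-Warning "Unapproved members of Administrators on $($env:COMPUTERNAME):"
    $unapproved | Format-Table -AutoSize
    # Remediation, only after confirming with the account owner:
    # $unapproved | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_.SID }
}
Test-AdminAccountHygiene | Format-Table -AutoSize
```

Running this on a schedule and collecting the output centrally turns "regularly revalidate the need for privileges" into a report that shows drift the day it happens rather than at the next audit.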
Patch Operating Systems
Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions so security vulnerabilities in operating systems cannot be used to further compromise systems.
The unprecedented 2017 ransomware attack, WannaCry, infected over 230,000 computers in 48 hours globally, costing around $4 billion. The attack targeted a vulnerability in unpatched Microsoft Windows operating systems, for which a patch was available several months earlier. Victims included Honda, FedEx, the English National Health System and numerous universities.
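Both the application patching and operating system patching strategies above come down to the same measurable question: is any ‘extreme risk’ vulnerability older than 48 hours still unpatched? The following PowerShell script is an added example (not code from the original article or from Forsythes Technology) that tracks that SLA over a list of findings and reports how long since the local machine last received a Windows update. The findings are constructed sample data standing in for a vulnerability scanner export, and the SLAs for severities other than ‘extreme’ are assumptions.

```powershell
# Added example (not from the original page): track the 48-hour patching SLA for
# 'extreme risk' vulnerabilities in applications and operating systems.
# 48 h comes from the ACSC guidance quoted in the article; the other SLAs are assumed.
$slaHours = @{ Extreme = 48; High = 168; Medium = 720 }

# Constructed sample findings; a real list would come from your scanner's CSV or API.
$now = Get-Date
$findings = @(
    [pscustomobject]@{ Host = 'WS-0101';  Product = 'Chrome';         Severity = 'Extreme'; Published = $now.AddHours(-60); Patched = $false }
    [pscustomobject]@{ Host = 'SRV-DB01'; Product = 'Windows Server'; Severity = 'Extreme'; Published = $now.AddHours(-12); Patched = $false }
    [pscustomobject]@{ Host = 'WS-0102';  Product = 'Acrobat Reader'; Severity = 'High';    Published = $now.AddDays(-10);  Patched = $false }
    [pscustomobject]@{ Host = 'WS-0103';  Product = 'Office';         Severity = 'Extreme'; Published = $now.AddDays(-5);   Patched = $true  }
)

function Get-PatchSlaStatus {
    param([object[]]$Findings, [hashtable]$Sla, [datetime]$AsOf = (Get-Date))
    foreach ($f in $Findings) {
        if ($f.Patched) { continue }                      # only open findings count against the SLA
        $limit = $Sla[$f.Severity]
        $ageH  = [math]::Round(($AsOf - $f.Published).TotalHours, 1)
        [pscustomobject]@{
            Host     = $f.Host
            Product  = $f.Product
            Severity = $f.Severity
            AgeHours = $ageH
            SlaHours = $limit
            Overdue  = ($ageH -gt $limit)
        }
    }
}

# Overdue items first, oldest at the top: in the sample data that is WS-0101 (Chrome, 60 h > 48 h)
# and WS-0102 (Acrobat Reader, 10 days > 7 days); SRV-DB01 is open but still inside its window.
Get-PatchSlaStatus -Findings $findings -Sla $slaHours |
    Sort-Object Overdue, AgeHours -Descending | Format-Table -AutoSize

# Local check: how long since this machine last installed a Windows update?
function Get-DaysSinceLastHotfix {
    $latest = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { $null }
}
"Days since last hotfix on $($env:COMPUTERNAME): $(Get-DaysSinceLastHotfix)"
```

The useful habit is to date findings from when the vendor advisory was published, not from when your scanner first saw them; the WannaCry timeline in the paragraph above is a reminder that the clock starts at the advisory, not at discovery.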
Multi-Factor Authentication (MFA)
Implementing MFA, including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important data repository, makes it harder for adversaries to access sensitive information and systems.
Around 0.5% of Microsoft accounts are compromised monthly, of which 99.9% are not using MFA. For any organisation, from a sole trader to large enterprise, MFA is fundamental.
Daily Backups
Make daily backups of important new or changed data, software and configuration settings, store them disconnected from the network and retain them for at least three months, so that information can be recovered following a cyber security incident (e.g. a ransomware attack).
Despite increasing cybersecurity threats, around 58% of small businesses are unprepared for data loss and 60% of small businesses that experience data loss close within six months.
Your cybersecurity is only as strong as its weakest link.
We advise on and implement a wide range of solutions to align clients with any or all of the Essential 8 strategies. Here are just a few of the solutions we offer to achieve this.
Our two-day NIST Cybersecurity Rapid Score service uses the best practice framework from the US National Institute of Standards and Technology (NIST), which covers the ACSC Essential 8. You get a risk score, detail of your risk profile and vulnerability, and a prioritised list of steps to reduce your risk profile in line with your industry.
SentinelOne delivers the security you need to prevent, detect, and undo known and unknown threats. It’s the only platform that defends every endpoint against every type of attack, at every stage in the threat lifecycle.
Fortinet’s FortiGate next-gen firewall is a high-performance network security appliance that adds intrusion prevention, application and user visibility, SSL inspection, and unknown threat detection to the traditional firewall. We also now offer 4GX & 5G failover solutions and out-of-band management for Fortinet firewalls.
Palo Alto Networks’ industry-leading family of next-gen firewalls are the first to leverage machine learning for proactive real-time and inline zero-day protection, as well as offering 5G-ready protection.
To discuss the options for your organisation’s cybersecurity, enquire now and our cybersecurity experts will promptly be in touch.
Monthly Cybersecurity Executive Briefings
We also offer online monthly cybersecurity executive briefings tailored towards business managers and executives of small-to-medium enterprise and not-for-profits. Events are 1 hour, free to attend, and our next event is on 26 May 2021 at 12.30 pm.