The Essential Eight – Strategies to help your business avoid being a victim of cyber crime.

6 Aug 2018 12:14 PMNetlogyx IT Support
The Essential Eight – Strategies to help your business avoid being a victim of cyber crime.

Gold Coast IT Support

The Strategies to Mitigate Cyber Security Incidents is a list of alleviation strategies to Aid businesses and organisations to protect their systems from a vast range of cyber threats. The idea is to customise the mitigation strategies to suit each businesses risk profile and the cyber threats

That are likely to pose the biggest threat to them.

While no one strategy can guarantee to prevent cyber security incidents,organisations are recommended to implement eight main  strategies as a framework. This framework (referred to as The Essential Eight), tightens overall security and makes system comprimise more difficult.

 

If your business decides to actively implement the Essential Eight it will ultimately be more cost effective in regards to money, time  and effort than if you have to respond to a larger scale security attack.

Before starting to implement these strategies, organisations need to review the following:

a. identify which systems require protection (i.e. which systems store, process or

communicate sensitive information or other information with a high availability requirement)

b. identify which adversaries are most likely to target their systems (e.g. cyber criminals,

nation-states or malicious insiders)

c. identify the level of protection your business requires (i.e. selecting mitigation strategies to implement

based on the risks to business activities from specific cyber threats).

 

There is a recommended order to implement for each cyber threat that will help your organisationbuild a strong cyber security network for your systems. Once organisations have begun implementing strategies , they need to focus energy on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy in the following table.

 

Strategies to prevent Malware Attacks

Application whitelisting of approved/trusted                   

programs to stop the execution of

unapproved/malicious programs including .exe,

DLL, scripts (e.g. Windows Script Host,

PowerShell and HTA) and installers.

Why: All non-approved applications (including

malicious code) are prevented from executing.

 

Patch applications e.g. Flash, web browsers,

Microsoft Office, Java and PDF viewers.

Patch/mitigate computers with ‘extreme risk’

vulnerabilities within 48 hours. Use the latest

version of applications.

Why: Security vulnerabilities in applications can

be used to execute malicious code on systems.

 

Configure Microsoft Office macro settings to

block macros from the Internet, and only allow

vetted macros either in ‘trusted locations’ with

limited write access or digitally signed with a

trusted certificate.

Why: Microsoft Office macros can be used to

deliver and execute malicious code on systems.

 

User application hardening. Configure web

browsers to block Flash (ideally uninstall it), ads

and Java on the Internet. Disable unneeded

features in Microsoft Office (e.g. OLE), web

browsers and PDF viewers.

Why: Flash, ads and Java are popular ways to

deliver and execute malicious code on systems.

 

Mitigation strategies to limit the extent of cyber security incidents

 

Restrict administrative privileges to operating

systems and applications based on user duties.

Regularly revalidate the need for privileges.

Don’t use privileged accounts for reading email

and web browsing.

Why: Admin accounts are the ‘keys to the

kingdom’. Adversaries use these accounts to

gain full access to information and systems.

 

Patch operating systems. Patch/mitigate

computers (including network devices) with

‘extreme risk’ vulnerabilities within 48 hours. Use

the latest operating system version. Don't use

unsupported versions.

Why: Security vulnerabilities in operating

systems can be used to further the compromise

of systems.

 

Multi-factor authentication including for VPNs,

RDP, SSH and other remote access, and for all

users when they perform a privileged action or

access an important (sensitive/high-availability)

data repository.

Why: Stronger user authentication makes it

harder for adversaries to access sensitive

information and systems.

 

Mitigation strategies to recover data and system availability

 

Daily backups of important new/changed data,

software and configuration settings, stored

disconnected, retained for at least three months.

Test restoration initially, annually and when IT

infrastructure changes.

Why: To ensure information can be accessed

again following a cyber security incident (e.g.

after a successful ransomware incident).

 

For more information on implementing these strategies within your business contact Netlogyx today.

 

Related Tag: IT Support Gold Coast