The Essential 8 from AustCyber
What Are the Essential 8?
The Essential 8 are a prioritised list of mitigation strategies that help organisations of all sorts to protect their systems against cyber threats. Although no standalone mitigation strategy is guaranteed to prevent cyber incidents, the Australian Signals Directorate estimated that, when implemented together, they could have thwarted 85% of cyberattacks. So we recommend you consider them for your organisation as a baseline defensive strategy.
Why Are the Essential 8 Effective?
Although most businesses are generally aware of the importance of cyber security, many businesses struggle to take definitive action against cyber threats – the Essential 8 is the best place to start.
The Essential 8 strategies have been developed to protect networks, users, applications and data from cyber threats. They are the result of the Australian Government’s security agencies’ involvement in numerous cyber attack mitigations and investigations, so they are derived from real-life experience.
The Essential 8 are cost-effective, and accessible to most businesses. They can, in several cases, be automated and managed from a centralised console. The Essential 8 can also be customised depending on each organisation’s risk profile and the cyber threats they are most concerned about.
The Essential 8 Strategies
The Number One Strategy: Application Whitelisting
When it comes to limiting or even preventing the execution of malware, application whitelisting is the most effective strategy for mitigating cyber security threats. Application whitelisting explicitly defines which trusted applications can run in your network, and untrusted applications are denied or isolated. By ensuring that only authorised programs can be executed, the threat of infection from ransomware is mitigated and the system operator can maintain complete control.
Patch Applications
Application security vulnerabilities can be used to execute malicious code. Therefore, it is important that you patch applications (like Flash, web browsers, Microsoft Office, Java and PDF viewers) and patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours.
Configure Microsoft Office Macro Settings
Microsoft Office macros can be used to execute malicious code on systems. To combat this, you need to configure Microsoft Office macro settings so that they block macros from the Internet and only allow vetted macros (i.e. those in ‘trusted locations’ with limited write access, or those that are digitally signed with a trusted certificate).
User Application Hardening
Java, Flash and ads are popular methods for delivering and executing malicious code. To prevent these attacks, your business should configure web browsers to block (or uninstall, when applicable) Java, Flash and ads on the internet. You should also disable unnecessary features in Microsoft Office, PDF viewers and web browsers.
Restrict Administrative Privileges
Admin accounts can be used by adversaries to gain full access to information and systems. To prevent this, you need to restrict administrative access to operating systems and applications. Don’t use privileged accounts for reading emails and web browsing, and regularly revalidate the need for privileges.
Patch Operating Systems
Operating systems with security vulnerabilities can be used to further the compromise of systems. Therefore, it is important that you patch/mitigate computers (this includes network devices) with ‘extreme risk’ vulnerabilities within 48 hours. You should also make sure that you use the latest operating system (and never use unsupported versions).
Multi-Factor Authentication
The stronger your user authentication, the harder it is for adversaries to access sensitive systems and information. Ensure that you have multi-factor authentication for VPNs, RDP, SSH and other remote access software. You should also have it for all users when they perform a privileged action, or when they access an important or sensitive data repository.
Daily Backups
In the event of a cyber security incident (like successful ransomware), you need to make sure that you can access your information again. This means you need to perform daily backups of important data, software and configuration settings. You should store these backups disconnected and retain them for at least three months – then test the restoration initially, annually and when IT infrastructure changes.
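A restoration test is only meaningful if it proves the restored data matches what was backed up. The following added example (not from the AustCyber page; the sample files and the tamper step are constructed) shows a minimal restore drill: record a SHA-256 manifest of the source, archive it, restore into a separate location, and compare the manifest of the restored tree against the original, reporting any file that is missing or altered.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src: Path, archive: Path) -> None:
    with tarfile.open(archive, "w:gz") as tf:
        tf.add(src, arcname=".")


def restore_backup(archive: Path, dest: Path) -> None:
    # The 'data' filter (Python 3.12, backported to maintenance releases) refuses
    # path traversal and device entries inside the archive; fall back when absent.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tf:
        tf.extractall(dest, **kwargs)


def verify_restore(expected: dict[str, str], restored_root: Path) -> list[str]:
    """Return the relative paths that are missing or whose content changed."""
    actual = manifest(restored_root)
    problems = [name for name, digest in expected.items() if actual.get(name) != digest]
    problems += [name for name in actual if name not in expected]   # unexpected extras
    return sorted(problems)


def run_restore_drill(tamper: bool = False) -> tuple[bool, list[str]]:
    """Back up a constructed directory, restore it elsewhere and verify.

    tamper=True modifies one restored file to show the check catching it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, dest, archive = tmp / "src", tmp / "restore", tmp / "backup.tar.gz"
        # Constructed sample data: a config file, a document and a nested script.
        (src / "data").mkdir(parents=True)
        (src / "data" / "config.ini").write_text("[server]\nport=8443\n")
        (src / "data" / "report.txt").write_text("quarterly figures (constructed)\n")
        (src / "scripts").mkdir()
        (src / "scripts" / "deploy.sh").write_text("#!/bin/sh\necho deploy\n")

        expected = manifest(src)
        create_backup(src, archive)
        dest.mkdir()
        restore_backup(archive, dest)
        if tamper:
            (dest / "data" / "config.ini").write_text("[server]\nport=80\n")
        problems = verify_restore(expected, dest)
        return (not problems), problems


if __name__ == "__main__":
    print("clean restore:", run_restore_drill())
    print("tampered restore:", run_restore_drill(tamper=True))
```

The manifest should be produced at backup time and stored with the offline copy (and ideally signed), so that a later drill verifies against what was actually backed up rather than against a live tree that ransomware may already have altered.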
Before You Implement the Essential 8
It is important to note that before implementing any of the Essential 8, businesses should undertake the following:
1. Identify which systems need protection
2. Consider likely attack vectors, the job titles and processes likely to be targeted for financial gain or disruption
3. Identify the level of protection or business process changes that are necessary to keep the systems identified in number 2 operating smoothly, with no or minimal data loss