In June, Prime Minister Scott Morrison made the extraordinary announcement that Australian organisations are currently being targeted by a sophisticated state-based cyber actor.
Without naming the specific country, the advice came from the Australian Cyber Security Centre (ACSC) as a reminder that Australian organisations need to be alert to threats and take steps to enhance the resilience of their networks.
This year we’ve already seen Toll Group taken offline twice after attackers successfully locked down their systems with ransomware and caused severe disruption for the supply chains of the major national retailers and supermarkets they serve. Brewer and beverage maker Lion also suffered a significant ransomware attack which crippled IT systems and stole confidential information.
To help protect Australian businesses the Australian Government has developed a set of eight essential mitigation strategies every organisation should be implementing as a baseline. So, what do these strategies mean in practice for organisations, and how can they begin putting them into place?
- Application control - ensures that only approved applications (e.g. executables, software libraries, scripts and installers) can be executed, while preventing non-approved applications (including malicious code) from executing.
- Patch applications - vastly minimises the risk of cyber-attacks, as programs are regularly fixed (patched) to ensure malicious code (malware) can’t access a computer system via faulty or old software programs.
- Configure Microsoft Office macro settings - Microsoft Office macros can contain malicious code resulting in unauthorised access to sensitive information as part of a targeted cyber intrusion.
- User application hardening - Flash, ads and Java are popular ways to deliver and execute malicious code on systems. The ACSC further recommends user application hardening of all Microsoft Office programs, to disable features that are not relevant to the business.
Mitigation Strategies to Recover Data and System Availability
- Daily backups - To ensure information can be accessed following a cyber security incident, it’s important that new data, software, and configuration settings are retained for at least three months. This requires automated backup and disaster recovery solutions.
Limiting the Extent of Cyber Security Incidents
- Restrict administrative privileges - Adversaries use admin accounts to gain full access to information and systems. Restrictions to operating systems and applications based on user duties are essential for ensuring your most sensitive data isn’t compromised.
- Patch computers – Similar to the vulnerabilities in applications, security vulnerabilities in operating systems can be used to further compromise systems. This means every device accessing your network needs to be patched to prevent some of the most devastating attacks.
- Multi-factor authentication – We know that stronger user authentication makes it harder for adversaries to access sensitive information and systems. Multi-factor authentication protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access.
A great first step is to implement multi-factor authentication. Cisco’s Duo is a great example of a simple-to-deploy, industry-leading cloud-based solution that’s been engineered to provide a streamlined login experience for every user and application, while integrating easily with your existing technology. Area9 has the skills and services to deploy and run your multi-factor authentication software.
Area9’s team of experts can implement robust cyber security tools using best practices to protect your business. Our experience is in helping organisations select, deploy and manage the right mix of cyber security solutions, including:
- Multi-Factor Authentication
- Next-generation Firewalls
- IDS/IPS Systems
- Endpoint Security Software
- IT Security Management
Get in touch with us today to begin securing your business against a growing threat landscape.