Many enterprises are actively building their IT security procedures to prevent the alarming number of cyberattacks businesses face today. According to the Australian Cyber Security Centre (ACSC) Threat Report 2017, 56 percent of self-reported incidents in the private sector involved compromised systems. This Australian Cybersecurity firm has also stated that ransomware continues to threaten Australia, with cybercriminals working around the clock to generate revenue by holding encrypted data hostage.
In addition to these critical threats, things like spear phishing, malicious emails, DDoS attacks, and server take-downs are causing chaos in Australia. Due to these threats, the Australian Cybersecurity has offered a few strategies to mitigate emerging cybersecurity incidents. In this blog, we’ll be discussing the eight strategies ACSC has formulated, and how implementing them will assist Australian businesses in securing their network and data.
Eight essentials for mitigating Australian Cybersecurity Incidents
In the wake of a Australian cybersecurity incident, many organizations rush to improve their security without properly assessing their strategy, which often leads to overspending on security solutions and procedures. To prevent this, Australian cybersecurity firm has formed eight essential strategies to combat any cybersecurity incident, while still being cost effective to businesses.
1. Patch applications
Keeping systems up-to-date with all the latest patches for your applications will prevent any existing vulnerabilities from being exploited. Many businesses have sets of applications that are specific to each department, so automatically updating all these applications from a central location could be an effective use of time and money.
2. Whitelist applications
Businesses need control over which applications and programs exist inside their corporate network. All it takes is one malicious program to compromise business-critical information. Application whitelisting is a procedure where only authorized and trusted applications, as defined by IT administrators, can be installed and run. Businesses can’t typically implement whitelisting for their entire network, but they can deploy this security strategy to select sets of users like chief managers, senior managers, DPOs, IT administrators, senior technicians, database administrators, and other business-critical employees.
3. Harden user applications
Not all applications are secure once they’ve been patched. For example, even if a browser is updated, its add-ons and extensions might be outdated, which can pave the way for browser-based threats. Man-in-the-browser attacks (MIBT) are a prominent cyberattack variant that have been exploiting browsers for a while, and other variants like boy-in-the-browser and cryptojacking are becoming more prevalent.
4. Restrict administrative privileges
Employees access corporate data during their daily routines for a variety of reasons. However, not every employee needs access to all data—privileges to access data should be limited to the employees who need it. This is especially true for administrative privileges, which typically enables unrestricted access to data and allows modification of critical data. The average employee should not have administrative access because cybercriminals can use these vast privileges to exploit business-sensitive information.
5. Enable multi-factor authentication
Cybercriminals and the techniques they use to access data are evolving every day, meaning a simple username and password combination is no longer sufficient for protecting data. When a password isn’t complex, a cybercriminal can use a brute-force attack to access that account, which is why using multi-factor authentication can be beneficial. Multi-factor authentication combines a traditional username-password pair with a second factor, which can include a PIN, fingerprint scan, one-time password, face scan, or iris scan. This strategy will become a fundamental practice, especially in organizations where users are operating remotely and using unsecured, public networks.
6. Patch operating systems
The famous Wannacry ransomware attack breached over 300,000 computers by exploiting just one vulnerability: EternalBlue. EternalBlue was an OS vulnerability that was actually patched before the WannaCry outbreak and only affected unpatched machines, which highlights the importance of staying up to date. Following this attack, many other threats began exploiting other OS vulnerabilities. Even in the case of the Meltdown and Spectre processor flaws, deploying an OS update gave temporarily relief to IT teams wanting to safeguard their business data from speculative execution threats. Automated patch management for Windows, macOS, and Linux, along with proper upgrade and image deployment procedures, can help businesses avoid known vulnerabilities like Wannacry.
7. Block macros in Microsoft Office
A macro is a sequence of inputs used in a program or user interface that expands into something when used. Macros can be created to streamline certain activities, but businesses need to be equipped with the right controls to tackle any untrusted macros that run in a Microsoft Office product. A cybercriminal can populate documents with hidden macros that automatically run with privileges when those documents are opened, distribute those macro-filled documents in a variety of ways, and potentially gain access to business-critical information if their macros are run.
Modern versions of Microsoft Office block macros by default. Since macros could be potentially beneficial, it’s advised to only run macros with trusted certificates and only in controllable ecosystem with limited read and write access.
8. Perform daily backups
Predefined backup plans and disaster recovery procedures are saviours in this modern cyber era. In the event of a Australian cybersecurity incident or physical disaster, backup procedures assist in reproducing data that was either lost or stolen. Data is the core of any business nowadays, so securing that data is paramount. Practising the 4-3-2 backup rule can be highly beneficial to businesses.
The 4-3-2 rule includes:
Creating 4 copies of your data
Storing your data in 3 different formats (e.g. cloud, local drive, any USB device)
Storing at least 2 copies in two different geographical locations
Implementing these mitigation strategies
Equipping these eight essential strategies can keep your business secure from data loss via cyberthreats. Analysing and employing each of these eight security strategies individually can be a daunting task, but don’t worry—we at ManageEngine are here to help.
While no solution can handle all eight of these security controls, Desktop Central, our unified endpoint management, can help with the first six of these eight strategies. Download Desktop Central now to keep your business safe and secured as per Australian cybersecurity’s mitigation strategies.
Note: Strategy eight can be mitigated using RecoveryManager Plus, another product from ManageEngine, that can easily handle all of your backup and recovery needs.