Australian Cyber Security Centre’s Essential Eight Mitigation Strategies

ACSC Essential 8

If you caught October’s article on Cyber Security, published as part of Cyber Security Month, you’ll understand the thinking behind the Australian Cyber Security Centre’s Essential Eight Mitigation Strategies for protecting your organisation’s IT systems and infrastructure from cyber threats, namely:

  • Application Whitelisting – approving specific applications to prevent unauthorised applications executing (i.e. a list of Applications specifically permitted to execute on your system; anything not on the list is denied)
  • Patching Applications – ensure only latest versions of applications are used, minimising risk of security vulnerabilities allowing malicious code to impact your systems
       .       .     
  • Application Hardening – configure web browsers to block certain features which are known gateways for installing malicious code (e.g. Flash, ads, Java and certain MS Office elements)
  • Restricting Administrator Access – restrict users granted administrator privileges and regularly review that list. Prevent use of admin accounts for everyday tasks (e.g. emailing and web browsing), limiting opportunities for potential threats to access your systems
  • Disabling Macros – block installation of macros from the internet, allowing only those from trusted sources, to provide further protection from malicious code
  • Multi Factor Authentication – significantly increase the difficulty for unauthorised users to access sensitive or critical information, particularly from remote locations
  • Daily Backups – capture snapshots of important, new or changed data, software and user configurations. Store copies offsite and conduct trial restorations from backup regularly
  • Patching Operating Systems – apply patches to existing system versions within 48 hours of availability. Within a planned upgrade lifecycle ensure upgrades to latest versions should be applied as soon as practicable to prevent attack through known defects in outdated versions

Prevention is not only sensible, it’s cost-effective – better to recognise and avoid the business and financial consequences of a successful attack on your organisation’s IT systems than to ignore the risks and be compelled to spend untold amounts of time and money attempting to rectify a possibly ruinous situation.

The IT Agency will help you plan and implement a customised version of the Essential 8 designed specifically for your unique business requirements.  We’ll provide a specialised system application for ‘whitelisting’ your business applications and implement ringfencing tools for macro disabling and application hardening.  Our managed service packages include keeping your software versions updated, applying all patches promptly and performing regular backups of systems and data.  We’ll help you identify which users should have administrator access and setup your system to lockdown what can/cannot be done using administrator privileges. Finally, we’ll advise on where your systems and infrastructure would benefit from multi-factor authentication, recommend how it can be achieved and set it all up on your behalf.