October 08, 2020 / by Adam Murray / In security

Don’t get behind the 8 ball: boost cybersecurity with the Essential 8


The Essential Eight is a set of recommended mitigation strategies to help government agencies and companies improve their security posture and reduce the risk of cyber attacks. The Australian Signals Directorate (ASD) initially established these strategies in 2017. Facing unprecedented cyber threats, the Australian Government soon after identified a need to provide enhanced cybersecurity capabilities and a single source of advice and support for ongoing cybersecurity. To address this need, the Australian Cyber Security Centre (ACSC) expanded and became part of ASD.

So, just what are these great eight?

The Essential Eight fall into three mitigation strategy categories:

  • to prevent malware delivery and execution (we’ll call this category 1)
  • to limit the extent of cybersecurity incidents (category 2)
  • to recover data and system availability (category 3).

Within these categories, you’ve got:

  1. Application control to prevent execution of unapproved or malicious programs (category 1). Such programs can include .exe files; dynamic link libraries (DLLs); scripts, such as Windows Script Host, PowerShell, and HTML applications; and installers. Putting this control in place keeps all non-approved applications from executing.

  2. Patch applications such as Flash, web browsers, Microsoft Office, Java, and PDF viewers within 48 hours once you’ve identified a security vulnerability (category 1). Otherwise, hackers can take advantage of these vulnerabilities and execute malicious code on your systems. Also, make sure you’re using the latest version of the applications.

  3. Configure Microsoft Office macro settings to block macros from the internet (category 1). Also, allow only vetted macros, either stored in trusted locations with limited write access or digitally signed with a trusted certificate. If you don’t configure these settings, you are again empowering hackers to execute malicious code on your systems.

  4. User application hardening, which makes it more difficult for hackers to tamper with your applications (category 1). To do this, uninstall Flash or configure your web browsers to block it, and block Java and ads on the internet as well, all of which are popular ways into your systems for hackers. While you’re at it, disable any unnecessary features in Microsoft Office, web browsers, and PDF viewers.

  5. Based on user duties, restrict administrative privileges to operating systems and applications (category 2). If your cyber enemies gain access to these accounts, they can gain access to all your information and systems. Once you determine who gets access, don’t just ‘set and forget’. Regularly review and approve who needs admin privileges. Also, make sure ‘the chosen ones’ don’t use these admin accounts for reading email and Googling.

  6. Patch operating systems within 48 hours of critical patch releases to mitigate risk to devices (category 2). Be sure to use the latest operating system version and avoid unsupported versions. Hackers can take advantage of operating system vulnerabilities to compromise your systems even further.

  7. Implement multifactor authentication for VPNs, RDP, SSH and other remote access, as well as for all users performing privileged actions or accessing an important repository (category 2). Putting more robust user authentication in place makes it more difficult for hackers to gain access to sensitive data and systems.

  8. Back up new or changed data, software and configuration settings daily, and store, disconnect and retain these backups for at least three months (category 3). Further, test restoring these initially, annually and any time IT infrastructure changes, to make sure you can access your information following a cybersecurity incident.
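To make the thresholds in the list above concrete, here is an added self-assessment script (example code written for this post, not an ASD/ACSC tool) that checks a constructed host inventory against the 48-hour patch window, the macro, admin-account and MFA requirements, and the daily backup, three-month retention and restore-test requirements. The inventory records, host names and vulnerability ids are all made up for the example.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Thresholds taken from the Essential Eight items above.
PATCH_WINDOW = timedelta(hours=48)     # items 2 and 6
BACKUP_MAX_AGE = timedelta(days=1)     # item 8: back up daily
BACKUP_RETENTION = timedelta(days=90)  # item 8: retain for at least three months

def assess(host: Dict, now: datetime) -> List[str]:
    """Return the Essential Eight gaps found in one host record."""
    gaps = []
    # Items 2 and 6: every known vulnerability must be patched within 48 hours.
    for vuln in host.get("open_vulns", []):
        deadline = vuln["known_at"] + PATCH_WINDOW
        if (vuln.get("patched_at") or now) > deadline:
            gaps.append(f"patch for {vuln['id']} overdue (deadline {deadline:%Y-%m-%d %H:%M})")
    # Item 3: macros arriving from the internet must be blocked.
    if not host.get("macros_blocked_from_internet", False):
        gaps.append("Office macros from the internet are not blocked")
    # Items 5 and 7: admin accounts need MFA and must not be used for email/browsing.
    for acct in host.get("admin_accounts", []):
        if not acct.get("mfa"):
            gaps.append(f"admin account {acct['name']} lacks MFA")
        if acct.get("used_for_email"):
            gaps.append(f"admin account {acct['name']} is used for email/browsing")
    # Item 8: daily backups, three-month retention, and a tested restore.
    last = host.get("last_backup_at")
    if last is None or now - last > BACKUP_MAX_AGE:
        gaps.append("no backup within the last day")
    if host.get("backup_retention", timedelta(0)) < BACKUP_RETENTION:
        gaps.append("backup retention shorter than three months")
    if not host.get("restore_tested"):
        gaps.append("backup restore never tested")
    return gaps

def assess_inventory(inventory: List[Dict], now: datetime) -> Dict[str, List[str]]:
    return {h["name"]: assess(h, now) for h in inventory}

NOW = datetime(2020, 10, 8, 9, 0)  # constructed assessment time
INVENTORY = [  # constructed sample records, not real hosts
    {"name": "fileserver01", "macros_blocked_from_internet": True, "restore_tested": False,
     "open_vulns": [{"id": "VULN-PLACEHOLDER-1", "known_at": NOW - timedelta(hours=72), "patched_at": None}],
     "admin_accounts": [{"name": "admin.jane", "mfa": False, "used_for_email": True}],
     "last_backup_at": NOW - timedelta(days=3), "backup_retention": timedelta(days=30)},
    {"name": "workstation07", "macros_blocked_from_internet": True, "restore_tested": True,
     "open_vulns": [{"id": "VULN-PLACEHOLDER-2", "known_at": NOW - timedelta(hours=30),
                     "patched_at": NOW - timedelta(hours=20)}],
     "admin_accounts": [{"name": "admin.sam", "mfa": True, "used_for_email": False}],
     "last_backup_at": NOW - timedelta(hours=6), "backup_retention": timedelta(days=120)},
]

if __name__ == "__main__":
    for name, gaps in assess_inventory(INVENTORY, NOW).items():
        print(name, "compliant" if not gaps else "\n  - " + "\n  - ".join(gaps))
```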

So, are the Essential Eight important?

In today’s increasingly cyber-threatened landscape, many cybersecurity standards exist. Two of the most well-known are the cybersecurity framework from the National Institute of Standards and Technology (NIST) and ISO 27001. But the NIST framework, for example, contains more than 900 unique security controls. For most organisations, this number of controls is daunting and can lead to ‘analysis paralysis’. For this reason, the Essential Eight strategies are worthwhile to try to put in place. They provide a critical (and much more manageable) starting point for many companies. No, the list is not as comprehensive as the NIST controls, but implementing what’s on it is a good first-step security goal for companies to work towards, as doing so can still provide a significant boost to their cyber posture.

Tikabu’s takeaway

The Essential Eight are certainly not the be-all and end-all in Australian cybersecurity, but they have set a small benchmark for best practice. If you’ve decided to adopt the Essential Eight, the next step is finding the equally essential tools to do so. Click back to Tikabu in the coming weeks as we take a deeper dive into a few of the Essential Eight and the Microsoft tools that Tikabu is seeing make a significant difference in the security posture of customers and companies globally.

References

https://www.asd.gov.au/cyber

https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained
