
Today, there are thousands of published cyber security strategies, tailored to all sorts of infrastructures, market categories and cyber threats. Knowing which strategies apply to your organisation, and where to start cyber resilience activities, can be overwhelming. To assist businesses, the Australian Cyber Security Centre has compiled a list of mitigation strategies so that you know where to start.

The ASD (Australian Signals Directorate) has published a baseline set of mitigation strategies, the ASD Essential 8, to protect digital assets and reduce the likelihood and impact of a data breach. However, implementing the Essential 8 requires several security products, and the skills to deploy and manage them. The product column under each strategy below shows which of our services covers it.

1. Application whitelisting of approved/trusted programs

CMT + UEM

Whitelist approved/trusted programs so that unapproved or malicious programs cannot execute, including executables (.exe), DLLs, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
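
One way to build such a whitelist on Windows is AppLocker. The script below is an added example for this page, not the product's or ASD's own code: it generates a policy from a clean reference build covering the file types named above, starts it in audit mode, tests candidate files against it, and only then enforces. The directory and file paths are assumptions.

```powershell
# Added example for this page (not the product's or ASD's code): build an AppLocker
# whitelist from a clean reference build, start it in audit mode, test files against
# it, then enforce. Needs Windows Enterprise/Education or Server with the AppLocker
# module; run elevated. Directory and file paths are assumptions for the example.
Import-Module AppLocker

$ReferenceDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'   # assumption
$PolicyXml     = 'C:\Temp\EssentialEight-AppLocker.xml'                       # assumption

function New-WhitelistPolicy {
    param([string[]]$Dirs, [string]$OutXml)

    # Gather publisher and hash data for the collections the page names: executables,
    # DLLs, scripts (.ps1/.bat/.cmd/.vbs/.js) and Windows Installer packages. HTA has no
    # collection of its own; it runs through mshta.exe, so control that binary with an
    # EXE deny rule (deny rules override allow rules).
    $info = foreach ($d in $Dirs) {
        Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe, Dll, Script, WindowsInstaller
    }

    # Publisher rules survive patching; hash rules cover unsigned files and must be
    # regenerated when those files change. -Optimize merges rules that share a publisher.
    $policy = New-AppLockerPolicy -FileInformation $info -RuleType Publisher, Hash -User Everyone -Optimize

    # A collection with no rules is not restricted at all, so check all four are present.
    foreach ($type in 'Exe', 'Dll', 'Script', 'Msi') {
        if (-not ($policy.RuleCollections | Where-Object RuleCollectionType -eq $type)) {
            Write-Warning "No $type rules generated: that file type would stay unrestricted."
        }
    }

    # AuditOnly blocks nothing but logs what would be blocked (event IDs 8003 and 8006
    # in Applications and Services Logs > Microsoft > Windows > AppLocker).
    foreach ($rc in $policy.RuleCollections) { $rc.EnforcementMode = 'AuditOnly' }

    $policy.ToXml() | Set-Content -Path $OutXml -Encoding UTF8
    return $policy
}

function Test-FileAgainstPolicy {
    param($Policy, [string[]]$Paths)
    # PolicyDecision is Allowed, Denied, or DeniedByDefault when no rule matched.
    Test-AppLockerPolicy -PolicyObject $Policy -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

function Enable-WhitelistPolicy {
    param($Policy)
    # Rules are ignored unless the Application Identity service is running. Set-Service
    # cannot reconfigure this protected service on current builds, so use sc.exe.
    sc.exe config appidsvc start= auto | Out-Null
    Start-Service -Name AppIDSvc
    foreach ($rc in $Policy.RuleCollections) { $rc.EnforcementMode = 'Enabled' }
    # -Merge keeps rules already in the local policy; omit it to replace them.
    Set-AppLockerPolicy -PolicyObject $Policy -Merge
}

# Usage: generate in audit mode, confirm a download is denied and a system binary
# is allowed, review the audit events for a while, then enforce.
$p = New-WhitelistPolicy -Dirs $ReferenceDirs -OutXml $PolicyXml
Test-FileAgainstPolicy -Policy $p -Paths 'C:\Users\Public\Downloads\setup.exe', 'C:\Windows\System32\notepad.exe'
# Enable-WhitelistPolicy -Policy $p
```

Two caveats before enforcing: once the Script collection is enforced, PowerShell runs non-whitelisted scripts in ConstrainedLanguage mode, which breaks unsigned admin tooling, and the DLL collection adds a check on every library load, so measure the performance cost on a pilot group. In a fleet the finished XML is normally delivered through Group Policy or the UEM product rather than with Set-AppLockerPolicy on each machine.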

2. Patch applications

CMT + UEM

Patch applications, e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch or mitigate computers with 'extreme risk' vulnerabilities within 48 hours. Use the latest version of applications.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.

3. Patch operating systems

CMT + UEM

Patch or mitigate computers (including network devices) with 'extreme risk' vulnerabilities within 48 hours. Use the latest operating system version; don't use unsupported versions.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
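
Strategies 2 and 3 both come down to knowing what is missing and how long it has been missing. The script below is an added example for this page, not the product's own code: it asks the Windows Update Agent for updates that are applicable but not installed and flags Critical/Important ones available for longer than the 48-hour window, lists installed software in the application classes named above, and reports the OS build so it can be checked against Microsoft's lifecycle dates. Severity labels are the Windows Update Agent's own (MsrcSeverity); the name patterns used for the application inventory are assumptions.

```powershell
# Added example for this page (not the product's own code): report overdue updates,
# inventory the application classes the page names, and show the OS build.
# Severity comes from the Windows Update Agent (MsrcSeverity); the application name
# patterns are assumptions for the example.
function Get-OverduePatches {
    param([int]$MaxAgeHours = 48, [string[]]$Severities = @('Critical', 'Important'))

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Applicable, not installed, and not hidden by an administrator.
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')

    $now = Get-Date
    foreach ($u in $result.Updates) {
        # LastDeploymentChangeTime is when the update became (or again became) available
        # to this machine, so that is the clock the 48-hour target runs from.
        $age = $now - $u.LastDeploymentChangeTime
        $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        [pscustomobject]@{
            Title          = $u.Title
            KB             = (@($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ',')
            Severity       = $sev
            AvailableHours = [math]::Round($age.TotalHours, 1)
            Overdue        = ($Severities -contains $sev) -and ($age.TotalHours -gt $MaxAgeHours)
        }
    }
}

function Get-PatchTargetInventory {
    # Installed applications matching the classes the page lists (patterns are assumptions),
    # read from both Uninstall hives, so versions can be compared with vendor releases.
    $patterns = 'Flash', 'Chrome', 'Firefox', 'Edge', 'Microsoft Office', 'Microsoft 365',
                'Java', 'Acrobat', 'Adobe Reader', 'Foxit'
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $n = $_.DisplayName; $n -and ($patterns | Where-Object { $n -like "*$_*" }) } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

function Get-OsVersionInfo {
    # Compare Version/BuildNumber with Microsoft's lifecycle page to confirm the build
    # is still supported; an unsupported build cannot meet the 48-hour patch target.
    Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, BuildNumber, LastBootUpTime
}

# Usage:
Get-OverduePatches | Where-Object { $_.Overdue } | Format-Table -AutoSize
Get-PatchTargetInventory | Format-Table -AutoSize
Get-OsVersionInfo
```

The search goes to whatever update source the machine is configured for (Microsoft Update or an internal WSUS), so on a WSUS-managed fleet an update that has not yet been approved on the server will not appear as missing; the 48-hour clock should be measured from the vendor release, not from WSUS approval.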

4. Restrict administrative privileges

CMT + iDaaS

Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don't use privileged accounts for reading email and web browsing.
Why: Admin accounts are the 'keys to the kingdom'. Adversaries use these accounts to gain full access to information and systems.
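
The revalidation step is easy to script for local administrator rights. The following is an added example for this page, not the product's own code: it compares the members of the local Administrators group with an approved list, and for members that have a profile on the machine it looks for browser and Outlook data directories, a sign that the privileged account is being used for the day-to-day email and browsing the page warns against. The approved list and the directory markers are assumptions.

```powershell
# Added example for this page (not the product's own code): revalidate local admin
# membership against an approved list and flag privileged accounts that show signs
# of day-to-day use. The approved list and marker paths are assumptions.
function Test-AdminGroupDrift {
    param(
        [string[]]$Approved = @("$env:COMPUTERNAME\Administrator", 'CORP\Workstation Admins'),  # assumption
        [string]$Group = 'Administrators'
    )
    $members = Get-LocalGroupMember -Group $Group
    $names   = $members | ForEach-Object { $_.Name }

    # Profiles on this machine keyed by SID, so we can see whether a privileged account
    # has been logging on interactively here.
    $profiles = @{}
    Get-CimInstance Win32_UserProfile | ForEach-Object { $profiles[$_.SID] = $_.LocalPath }

    # Browser and mail-client data directories (assumed markers of daily use).
    $dailyUseMarkers = 'AppData\Local\Google\Chrome\User Data',
                       'AppData\Local\Microsoft\Edge\User Data',
                       'AppData\Roaming\Mozilla\Firefox\Profiles',
                       'AppData\Local\Microsoft\Outlook'

    $report = foreach ($m in $members) {
        $path = $profiles[$m.SID.Value]
        $used = if ($path) { $dailyUseMarkers | Where-Object { Test-Path (Join-Path $path $_) } } else { @() }
        [pscustomobject]@{
            Member        = $m.Name
            Type          = $m.ObjectClass        # User or Group
            Source        = $m.PrincipalSource    # Local, ActiveDirectory, MicrosoftAccount
            HasProfile    = [bool]$path
            Approved      = $Approved -contains $m.Name
            BrowserOrMail = @($used).Count -gt 0
        }
    }

    [pscustomobject]@{
        Unexpected = @($report | Where-Object { -not $_.Approved })          # revoke or add to register
        Missing    = @($Approved | Where-Object { $names -notcontains $_ })   # register is stale
        DailyUse   = @($report | Where-Object { $_.BrowserOrMail })          # separate-account violation
        All        = $report
    }
}

# Usage:
$drift = Test-AdminGroupDrift
$drift.Unexpected | Format-Table -AutoSize
$drift.DailyUse   | Format-Table -AutoSize
```

Group memberships are reported as a single entry, so a domain group such as 'CORP\Workstation Admins' still has to be expanded in Active Directory to see who actually holds the privilege; run this from the UEM agent on every endpoint and feed the Unexpected and DailyUse lists into the periodic access review.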

5. User application hardening

CMT + UEM

Configure web browsers to block Flash (ideally uninstall it; Flash reached end of life in December 2020 and should be removed rather than patched), ads and Java on the Internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.

6. Configure Microsoft Office macro settings

CMT

Configure Microsoft Office macro settings to block macros from the Internet, and only allow vetted macros, either in 'trusted locations' with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
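
The Office parts of strategies 5 and 6 are registry-backed settings, so they can be applied and audited in one script. The following is an added example for this page, not the product's or Microsoft's own code: it writes, for the current user, the same values the Office Group Policy templates write (Office 2016 and later and Microsoft 365 use the 16.0 key) to block Internet-sourced macros, allow only signed macros, define a single trusted location, and disable OLE Packager objects, then reads them back and checks that ordinary users cannot write to the trusted location. The trusted-location path is an assumption; in production these values are deployed through Group Policy or the UEM product rather than per user.

```powershell
# Added example for this page (not the product's or Microsoft's code): apply and verify
# Office macro and OLE hardening for the current user via the policy registry values.
# Office 2016+/Microsoft 365 use version key 16.0. The trusted location is an assumption.
$Apps            = 'Word', 'Excel', 'PowerPoint'
$TrustedLocation = 'C:\Program Files\Corp\ApprovedMacros'   # assumption: admin-writable only

function Set-OfficeHardening {
    param([string[]]$Apps, [string]$TrustedPath)
    foreach ($app in $Apps) {
        $pol = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $usr = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
        New-Item -Path $pol, $usr -Force | Out-Null

        # Strategy 6: block macros in files marked as from the Internet, and otherwise run
        # only macros signed by a trusted publisher (VBAWarnings 3). Use 4 to disable all
        # macros without notification for users who need none.
        Set-ItemProperty -Path $pol -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
        Set-ItemProperty -Path $pol -Name VBAWarnings -Value 3 -Type DWord

        # One fixed trusted location for vetted macros, no network locations, no subfolders.
        $tl = "$pol\Trusted Locations"
        New-Item -Path "$tl\Location0" -Force | Out-Null
        Set-ItemProperty -Path $tl -Name AllowNetworkLocations -Value 0 -Type DWord
        Set-ItemProperty -Path "$tl\Location0" -Name Path -Value $TrustedPath -Type String
        Set-ItemProperty -Path "$tl\Location0" -Name AllowSubfolders -Value 0 -Type DWord
        Set-ItemProperty -Path "$tl\Location0" -Name Description -Value 'Vetted macros only' -Type String

        # Strategy 5: disable OLE Packager objects (embedding an executable in a document).
        # 2 = disable all Package objects without prompting.
        Set-ItemProperty -Path $usr -Name PackagerPrompt -Value 2 -Type DWord
    }
}

function Test-OfficeHardening {
    param([string[]]$Apps, [string]$TrustedPath)
    $apps = foreach ($app in $Apps) {
        $p = Get-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" -ErrorAction SilentlyContinue
        $u = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Office\16.0\$app\Security" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App             = $app
            BlocksInternet  = $p.blockcontentexecutionfrominternet -eq 1
            SignedOnly      = $p.VBAWarnings -in 3, 4
            PackagerBlocked = $u.PackagerPrompt -eq 2
        }
    }
    # "Limited write access": a trusted location that standard users can write to lets
    # any user vet their own macro, which defeats the control.
    $writable = if (Test-Path $TrustedPath) {
        (Get-Acl $TrustedPath).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference -match '(\\Users|\\Authenticated Users|^Everyone)$' -and
            $_.FileSystemRights -match 'Write|Modify|FullControl'
        }
    }
    [pscustomobject]@{ Apps = $apps; TrustedLocationWritableByUsers = @($writable).Count -gt 0 }
}

# Usage:
Set-OfficeHardening -Apps $Apps -TrustedPath $TrustedLocation
Test-OfficeHardening -Apps $Apps -TrustedPath $TrustedLocation | Format-List
```

Values under the Policies key take precedence over anything the user sets in the Trust Center, so the check reads those first; PackagerPrompt lives under the non-policy key and can therefore be changed back by the user unless the UEM re-applies it.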

7. Multi-factor authentication

iDaaS

Use multi-factor authentication, including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.

8. Daily backups

Backup / Cloud Apps

Take daily backups of important new/changed data, software and configuration settings, stored disconnected and retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Why: To ensure information can be accessed again following a cyber security incident (e.g. a ransomware incident).
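
The three requirements in this strategy (changed data only, retention of at least three months, and a tested restore) are shown together in the script below. It is an added example for this page, not the product's own code: each run copies files modified since the previous run into a dated set with a SHA-256 manifest, prunes sets older than the retention period, and proves a set can be restored by copying it back to a scratch directory and comparing hashes. Source, destination, scratch path and the 93-day retention figure are assumptions; the destination stands in for the disconnected store and must be detached (or its credentials revoked) after the job, because a share that stays reachable will be encrypted along with the source in a ransomware incident.

```powershell
# Added example for this page (not the product's own code): daily incremental backup
# with a hash manifest, three-month retention and a verified restore test.
# Paths and the retention figure are assumptions for the example.
$Source     = 'D:\Data'                 # assumption
$BackupRoot = 'E:\Backups'              # assumption: removable or detached after the run
$RetainDays = 93                        # at least three months, per the page

function Backup-ChangedFiles {
    param([string]$Source, [string]$BackupRoot)
    $runStart  = Get-Date                      # taken before scanning so nothing slips between runs
    $stampFile = Join-Path $BackupRoot 'last-run.txt'
    $since = if (Test-Path $stampFile) { [datetime]::Parse((Get-Content $stampFile -Raw).Trim()) }
             else { [datetime]::MinValue }     # first run: everything
    $setDir = Join-Path $BackupRoot ($runStart.ToString('yyyy-MM-dd_HHmm'))
    New-Item -ItemType Directory -Path $setDir -Force | Out-Null

    $changed  = Get-ChildItem -Path $Source -File -Recurse | Where-Object { $_.LastWriteTime -gt $since }
    $manifest = foreach ($f in $changed) {
        $rel  = $f.FullName.Substring($Source.Length).TrimStart('\')
        $dest = Join-Path $setDir $rel
        New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null
        Copy-Item -Path $f.FullName -Destination $dest
        # Hash at backup time, so a later restore can be checked against it.
        [pscustomobject]@{ Path = $rel; Sha256 = (Get-FileHash $f.FullName -Algorithm SHA256).Hash }
    }
    if (@($manifest).Count -gt 0) {
        $manifest | Export-Csv -Path (Join-Path $setDir 'manifest.csv') -NoTypeInformation
    }
    $runStart.ToString('o') | Set-Content -Path $stampFile
    return $setDir
}

function Remove-ExpiredBackups {
    param([string]$BackupRoot, [int]$RetainDays)
    # Only touch directories that look like backup sets, never the stamp file or anything else.
    $cutoff = (Get-Date).AddDays(-$RetainDays)
    Get-ChildItem -Path $BackupRoot -Directory |
        Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}_\d{4}$' -and $_.CreationTime -lt $cutoff } |
        Remove-Item -Recurse -Force
}

function Test-Restore {
    param([string]$SetDir, [string]$ScratchDir)
    # Restore every file in the set to a scratch location and compare with the manifest:
    # a backup that has never been restored and verified is not known to be a backup.
    $manifestPath = Join-Path $SetDir 'manifest.csv'
    if (-not (Test-Path $manifestPath)) { return [pscustomobject]@{ Files = 0; Failed = @(); Passed = $true } }
    $manifest = @(Import-Csv $manifestPath)
    $failed = foreach ($entry in $manifest) {
        $src = Join-Path $SetDir $entry.Path
        $dst = Join-Path $ScratchDir $entry.Path
        New-Item -ItemType Directory -Path (Split-Path $dst) -Force | Out-Null
        Copy-Item -Path $src -Destination $dst -ErrorAction SilentlyContinue
        if (-not (Test-Path $dst) -or (Get-FileHash $dst -Algorithm SHA256).Hash -ne $entry.Sha256) { $entry.Path }
    }
    [pscustomobject]@{ Files = $manifest.Count; Failed = @($failed); Passed = (@($failed).Count -eq 0) }
}

# Usage (schedule daily; run the restore test at least on the first set, annually,
# and after infrastructure changes, as the page requires):
$set = Backup-ChangedFiles -Source $Source -BackupRoot $BackupRoot
Remove-ExpiredBackups -BackupRoot $BackupRoot -RetainDays $RetainDays
Test-Restore -SetDir $set -ScratchDir 'C:\Temp\restore-test'   # assumption
```

Because each set holds only files changed since the last run, a full restore means replaying sets from the oldest retained one forward; the retention prune therefore removes whole sets, never individual files, and the first set after a prune should be forced to a full copy by deleting last-run.txt. Software and configuration settings are not covered by this file copy and need their own export (for example, a configuration backup from the UEM or the backup product in the column above).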