As our society becomes increasingly dependent on information and communications technology (ICT), the potential threat to our cyber security only increases. Whether it be email scams, identity theft or data breaches, the importance of your organisation protecting itself online has never been higher.
To help combat this, the Australian Government’s Cyber Security Centre has released ‘the Essential Eight’. The Essential Eight are a series of baseline mitigation strategies to combat cyber security incidents.
Sound a bit confusing? Don’t stress – we get it. We’re here to translate all the digital mumbo-jumbo into everyday English.
In this article we’ll briefly go over what count as cyber security incidents, explain each of the eight and the importance of keeping your organisation safe online.
What are cyber security incidents?
Before we jump into it, let’s quickly define what we’re talking about. Cyber security incidents, also known as cybercrime, refer to a wide range of situations.
The Australian Federal Police outline the term cybercrime as describing both:
- crimes directed at computers or other ICTs (e.g. computer intrusions and denial of service attacks), and
- crimes where computers or ICTs play a central part in the offence (e.g. online fraud).
Moreover, the Australian Cyber Security Centre lists some of the more common types of cybercrime, including:
- Identity theft and fraud (e.g. criminals gaining access to your information to steal money or other benefits)
- Online fraud (e.g. criminals pretending to be your bank to gain access to your credit card information)
- Cyber-enabled abuse (e.g. bullying or harassment online)
- Online image abuse (e.g. intimate images or videos being shared without the consent of the person pictured)
- Affected devices (e.g. your smartphone being infected by malicious software).
So, while there is a wide scope of cyber security incidents, they all revolve around an offence conducted through, or targeted towards, computers or other ICTs.
The thing is, cybercrime is often a lot more nefarious than being catfished on a dating app. Being a victim of cybercrime can have devastating financial and social consequences.
The Essential Eight
The best way to mitigate against potential security threats is to protect yourself. Just as you would lock your doors and windows when you leave your house or install CCTV, so should you do everything you can to protect yourself online.
There are several different mitigation strategies that can help protect you against cyber security incidents. While no single strategy is guaranteed, having several strategies working at the same time is the best way to protect yourself and your information.
To make things easier, the Essential Eight is recommended by the Government as a baseline to protect against cyber security incidents. We’ll go through each of these one-by-one below.
Strategies to prevent malware delivery and execution
Application control
Application control is an approach designed to protect you against malware executing on certain systems. Implementing application control properly ensures only approved and trusted applications can interact with your device.
In simpler terms, it stops your device interacting with malicious code and downloading suspicious applications.
Windows 10 includes two technologies that can be used for application control. Depending on your organisation’s specific scenarios and requirements, you can use:
- Windows Defender Application Control; and
- AppLocker.
Through effective application control, all non-approved applications are prevented from executing on your computer or device.
Patch applications
A patch is a set of changes to an application or its supporting data that updates, fixes or improves it. If a security risk is detected in the application, the vendor may release a newer, updated version of the application.
Security breaches or vulnerabilities in an application may be used to execute malware on your system. Therefore, if a risk is detected, it is recommended you patch or mitigate the at-risk computers within 48 hours.
Best practice is to continually update applications and always use the latest version of applications.
Configure Microsoft Office macro settings
The ubiquitous Microsoft Office suite may be used to deliver malicious code into your organisation’s systems through macros.
A macro is a small program or script that helps automate common or repetitive tasks. For example, you might record a macro in Word that inserts your entire address when you press a custom key combination. Alternatively, an Excel user might record a macro that formats the data in a specific column of their spreadsheet.
So, in order to protect your computer, configure your Office settings to only allow vetted macros from trusted locations or those that are signed with a trusted certificate.
User application hardening
Flash, ads and Java are popular ways for malicious code to get into your system. Therefore, it is recommended that you uninstall Flash and block ads and Java while browsing the internet. In addition, configure Office so it disables Flash content.
Strategies to limit the extent of cyber security incidents
Restricting administration privileges
If you work in an organisation, it is recommended you restrict administration privileges to specific systems and applications based on a user’s specific duties.
For example, don’t give someone in marketing the administration privileges for the accounts department. After all, administrator accounts have full access to information and systems and are seen as the ‘keys to the kingdom’.
Limit the number of people that have admin privileges – the fewer keys there are, the fewer opportunities there are for attacks.
Patching operating systems
This is essentially the same as the earlier recommendation on updating at-risk applications. In short, make sure your operating system is always up to date and never download unsupported versions of your OS.
Multi-factor authentication
Multi-factor authentication is another line of defence protecting you and your organisation’s information and data. It is recommended that multi-factor authentication is used by all users to access important information.
Multi-factor authentication builds on the old password model and adds another security element, such as Universal 2nd Factor security keys, physical one-time password tokens, biometrics or smartcards.
There are several popular and free multi-factor authenticator apps, including:
- Google Authenticator
- Microsoft Authenticator.
Strategies to recover data and system availability
Daily backups
Regularly backing up important data, software and configuration settings is key to recovering your data in the event of a breach. It is also important you store backups for at least three months and that backups are stored offline.
As with any protection equipment or procedures, it is important you test full restoration of your backups. Just as organisations practise fire drills, so too should you practise restoring backed up information – at least every quarter or when important changes occur.
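The checks described in this section can be automated. The following is an added example, not part of the original article: it audits a backup catalogue against the figures given above (daily backups, three months of retention, offline copies, a restore test every quarter). The catalogue format, function names and sample data are assumptions made for illustration.

```python
from datetime import date, timedelta

RETENTION_DAYS = 90      # article: keep backups "at least three months" (taken as 90 days)
RESTORE_TEST_DAYS = 92   # article: test restoration "at least every quarter"


def audit_backups(catalogue, today, last_restore_test):
    """Return a list of findings; an empty list means every check passed.

    catalogue: list of {"date": date, "offline": bool}, one entry per backup
    (hypothetical format, adapt to what your backup tool exports).
    """
    findings = []
    dates = {b["date"] for b in catalogue}

    # Daily backups kept for three months: every day in the retention
    # window (yesterday back to 90 days ago) must have a backup.
    window = [today - timedelta(days=n) for n in range(1, RETENTION_DAYS + 1)]
    gaps = [d for d in window if d not in dates]
    if gaps:
        findings.append(f"no backup for {len(gaps)} day(s), most recent gap {gaps[0]}")

    # Offline storage: flag backups that only exist on connected systems.
    online_only = sorted(b["date"] for b in catalogue if not b["offline"])
    if online_only:
        findings.append(f"{len(online_only)} backup(s) have no offline copy, oldest {online_only[0]}")

    # Restore drill: the last full restoration test must be under a quarter old.
    age = (today - last_restore_test).days
    if age > RESTORE_TEST_DAYS:
        findings.append(f"last full restore test was {age} days ago")
    return findings


def sample_catalogue(today):
    """Constructed data: 90 daily backups, one day skipped, newest 3 not yet offline."""
    return [{"date": today - timedelta(days=n), "offline": n > 3}
            for n in range(1, RETENTION_DAYS + 1) if n != 10]


if __name__ == "__main__":
    today = date(2021, 3, 1)
    for finding in audit_backups(sample_catalogue(today), today, date(2020, 10, 1)):
        print("FINDING:", finding)
```
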
Why is cybercrime prevention so important?
As more of our lives become dependent on the internet and ICTs, so do the opportunities for criminals to take advantage of unaware or unprepared people.
Consider this – the Australian Cyber Security Centre receives one cybercrime report every ten minutes from individuals and businesses. If the police reported a car being stolen every ten minutes, would you leave your car unlocked, with the keys in the ignition and parked on the street? Probably not.
Another thing to consider is the role of cyber-attacks in a changing political climate. In June of 2020, the Prime Minister Scott Morrison released a statement disclosing the fact that Australian governments and businesses had been the target of a ‘state-based attack’.
While we aren’t telling you to start Doomsday prepping, what we are saying is that cybercrime is here to stay.
The good news is, just as cyber criminals are becoming more sophisticated, so too are the strategies and applications that protect individuals and businesses.
We get that for a lot of people, all this seems very complicated and convoluted. That’s why we’re here to help translate it all into plain English and make sure you and your business are best protected – especially if you aren’t super tech-savvy.
If you want to find out more about cyber security incident prevention, give us a call on 07 3369 1415 or head to our contact us page.
Stay safe out there!