THE ESSENTIAL EIGHT CYBERSECURITY FRAMEWORK
Cyber-security threats and data breaches are becoming increasingly rampant, sophisticated and difficult to mitigate. Statistics from recent studies show that instances of malware attacks, data breaches, and intrusion attempts are on the rise. The challenge of ensuring cybersecurity is a global issue affecting many industries and organisations.
Even more worrying is the rising cost of cybercrime to businesses. In Australia, the average cost of a single cybercrime is about $276,000. Organisations are under pressure from the government through regulations such as the Australian Notifiable Data Breach legislation to improve their cybersecurity strategies.
However, implementing a robust cybersecurity system is often a tall order for many organisations. This is because so many different areas require security reinforcement that it is easy to miss some critical marks or be overwhelmed by the effort. Cybersecurity is not a one-size-fits-all kind of investment; many organisations, especially SMEs and startups, struggle to make the right security choices.
In 2017, the Australian Cyber Security Centre (ACSC) came up with the Essential Eight strategy for mitigating cybersecurity threats. The Australian Signals Directorate (ASD) considers the Essential Eight as one of the most effective defence strategies against cybercriminals for all organisations. The Essential Eight are also known as the ASD Essential Eight.
The Essential Eight strategy focuses on three key areas of cybersecurity:
The first step in cyber defence is protection. This part of the strategy is aimed at preventing malware delivery and the execution of malicious code.
Application Whitelisting
Application whitelisting is the practice of identifying and specifying which software applications are permitted to reside and run on a computer system or network. The goal of whitelisting is to prevent potentially harmful applications from deploying malicious code.
Whitelisting allows only approved programs with explicit permissions to execute; this includes DLLs, scripts, executables, batch files and other executable content. This strategy can be implemented on workstations, servers, data hubs, and network equipment.
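As an added check (not part of the original article), the following PowerShell reads the effective AppLocker policy on a Windows host and reports whether each of the rule collections matching the file types listed above is actually enforced. It assumes the AppLocker PowerShell module is available and that AppLocker, rather than another whitelisting product, is in use.

```powershell
# Added example: audit which AppLocker rule collections are enforced.
# Assumes Windows with the AppLocker module; the collection names map to the
# file types the article lists (executables, DLLs, scripts, installers).
Import-Module AppLocker

[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$required = 'Exe', 'Dll', 'Script', 'Msi'

$report = foreach ($type in $required) {
    # RuleCollection elements carry Type and EnforcementMode attributes;
    # EnforcementMode is one of NotConfigured, AuditOnly or Enabled.
    $collection = $policy.AppLockerPolicy.RuleCollection |
        Where-Object { $_.Type -eq $type }
    [pscustomobject]@{
        Collection = $type
        Mode       = if ($collection) { $collection.EnforcementMode } else { 'Missing' }
        RuleCount  = if ($collection) { @($collection.ChildNodes).Count } else { 0 }
    }
}

$report | Format-Table -AutoSize

# Anything not in 'Enabled' mode is a gap in the whitelisting coverage.
$gaps = $report | Where-Object { $_.Mode -ne 'Enabled' }
if ($gaps) {
    Write-Warning ("Whitelisting not enforced for: " + ($gaps.Collection -join ', '))
}
```

A collection in AuditOnly mode logs but does not block, so it counts as a gap here.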
Patch Applications
Use the latest versions of all client-based and server-based applications, including drivers and firmware. Also, ensure that your software applications are updated with the latest security patches. Current versions of applications are supported by their vendors and receive the latest and most effective security fixes.
Software updates help protect your data and hardware. Using outdated applications could expose exploitable vulnerabilities.
Configure MS Office Macro Settings
Microsoft Office macros are executable programs on their own and can be used to deliver malware and run malicious code. Block macros embedded in documents from unverified sources, especially online locations. Limit the write permissions of questionable macros as well.
Only allow the execution of vetted and approved macros, and restrict security reconfiguration on macros by the user.
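The following PowerShell is an added example, not from the original article: it audits the Office macro policy values on a Windows host against the two requirements above (block macros from internet sources, allow only vetted macros). It assumes Office 2016 or later (policy key version 16.0) and that the settings are applied per-user through Group Policy, which also prevents the user from reconfiguring them.

```powershell
# Added example: audit Office macro policy settings for Word, Excel and PowerPoint.
# Assumes Office 2016+ (registry version 16.0) and per-user policy settings.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

$results = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # VBAWarnings: 1 = enable all, 2 = disable with notification,
    # 3 = disable all except digitally signed, 4 = disable all without notification
    $vba = if ($props -and $null -ne $props.VBAWarnings) { [int]$props.VBAWarnings } else { $null }
    # blockcontentexecutionfrominternet: 1 = block macros in files from the internet
    $blockNet = if ($props -and $null -ne $props.blockcontentexecutionfrominternet) {
        [int]$props.blockcontentexecutionfrominternet
    } else { $null }

    [pscustomobject]@{
        Application      = $app
        VBAWarnings      = $vba
        BlockInternet    = $blockNet
        OnlyVettedMacros = ($vba -in 3, 4)    # signed-only or fully disabled
        InternetBlocked  = ($blockNet -eq 1)
    }
}

$results | Format-Table -AutoSize

$weak = $results | Where-Object { -not ($_.OnlyVettedMacros -and $_.InternetBlocked) }
if ($weak) {
    Write-Warning ("Macro policy not compliant for: " + ($weak.Application -join ', '))
}
```

A null value means no policy is set for that application, so the user-controlled Trust Center default applies.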
Application Hardening
User application hardening (UAH) refers to limiting the functions of an application to a specific scope. This reduces the risk of abnormal or unexpected behaviour. With regard to cybersecurity, UAH involves disabling or blocking Flash, internet ads, some Java functions, and unnecessary features in web browsers and MS Office packages.
Disabling such functions and features prevents background processes that might open the way to malware intrusion. Attackers are well known for using Flash content, Java functions, and popup ads to deliver malware and execute unwanted programs.
Limit Extent of Attacks
This stage focuses on limiting how far an intruder can get by minimising security loopholes in accessing data and resources. The idea is to seal off every access point and ensure that attackers have no means of gaining entry through these access points.
Restrict Administrative Privileges
Attackers usually target administrative accounts and credentials to gain privileged access to systems. Privileged accounts should not be used to read email, access online services, or download data from online sites. Credentials must be validated every time privileged access is requested on a system or application.
Privileges should be granted based on the user's needs and job requirements. Also, regularly revalidate the need for specific levels of security clearance and privileges. Controlling access ensures that only the right individuals can access and use secured services and data.
Multi-factor authentication (MFA) is a method of authenticating access credentials that requires two or more pieces of evidence (factors) to prove identity and privilege. Ideally, the first level of authentication is usually an alphanumeric password or code; the next level can include biometrics, one-time passwords, PIN, voice call, SMS, or email verification.
MFA provides an extra level of access security with every factor. Such a thorough authentication process is ideal when dealing with sensitive data and remote access.
Patch Operating System
Patching the operating system is similar to application patching, and equally as important security-wise. Install the latest operating systems on your workstations, servers, and IT equipment. Also, ensure that you install OS patches as soon as the vendor discovers and announces an exploitable vulnerability in an older version of the system software.
Do not use OS versions that are not supported by the vendor. Such versions no longer receive updates and patches, and the vendor is not responsible for any security-compromising flaws.
Data Recovery and System Availability
Data and resource availability is a big part of cybersecurity, and so is data and system integrity. The Essential Eight strategy caters to data availability as well as secure storage and access to information.
Regular backups are essential in ensuring data availability even after a catastrophic failure of hardware and software resources, for instance, after a natural disaster. Back up your data on a daily basis, regardless of the volume and data generation rate. Backups should be stored offline, or online in non-writable (read-only) formats. Also, test data recovery and restoration systems frequently to ensure that they work properly, especially after changing or updating the IT infrastructure.
The ACSC defines three distinct maturity levels for each of the Essential Eight strategies, which determine an organisation's preparedness to deal with cybersecurity problems using the Essential Eight. For detailed criteria of each maturity level, read more on the Australian Cyber Security Centre website.
Partially implement the Essential Eight strategies
Mostly implement the Essential Eight strategies
Fully implement the Essential Eight strategies
The Essential Eight system is a tried and true cybersecurity strategy recommended by the ASD. Although it was originally developed to protect government agencies from cyber threats, it is still ideal for the private sector and suits many organisational structures.
There is no single solution to cybersecurity; it should be a combination of efforts and mitigation strategies. The Essential Eight system gives you a realistic target for your cybersecurity goals and provides a well-structured, easy-to-follow path towards achieving them.
Cybersecurity should be a high priority in safeguarding your organisation’s future. Don’t make any compromises when it comes to data and systems security – you simply can’t afford to.