ESSENTIAL EIGHT
In today’s digital society, cyber threats are an all too frequent reality. On almost a daily basis, businesses across the nation are faced with a variety of common cyber security incidents threatening their infrastructure, data and livelihood. In order to mitigate the risk posed by these threats, it is crucial to have cost-effective and comprehensive protection strategies in place. These strategies should work to:
​
- Prevent malware delivery and execution;
- Limit the extent of cyber security incidents; and
- Assist in data recovery and system availability.

The Australian Cyber Security Centre’s (ACSC) Essential 8 (previously the ASD Essential 8) does just that. Ultimately, it is a baseline of mitigation strategies compiled to assist Australian organisations and government agencies in protecting their systems against a range of adversaries.
​
The ACSC Essential 8 Explained
​
Firstly, these controls act as a baseline of defence and assist organisations in uplifting their security posture. Secondly, implementing them proactively is more cost-effective than responding reactively to large-scale cyber security incidents. For that reason, these controls are listed in a suggested implementation order, starting with Application Control and ending with Daily Back Ups:
​
Application Control - This is the practice of specifying an index of approved software applications or executable files. This can be achieved by Application Whitelisting, for instance. It is primarily designed to prevent the execution and spread of malicious code, as well as the installation or use of unapproved applications.
​
Patching Applications - Patches provide updates or changes to fix or improve your devices’ applications, such as Flash, web browsers, Microsoft Office, Java, PDF viewers and more. In addition, they remove security vulnerabilities, meaning they close the gaps that adversaries typically target.
​
Configure Microsoft Office Macro Settings - Macros work in the background of Microsoft Office documents, and are used by cyber adversaries to execute malicious code. Therefore, it is recommended to block macros from the internet, and only allow checked macros from trusted locations with limited write access or, further, digitally signed macros with a trusted certificate.
​
User Application Hardening - Flash, web advertisements and Java are popular vehicles for executing malware on victims’ systems. Therefore, it is important to configure web browsers to block and disable these. Further, disable other unnecessary features in Microsoft Office and PDF viewers.
​
Restrict Administrative Privileges - To prevent adversaries from exploiting admin accounts and gaining full access to your business’ information and systems, it is important to restrict administrative privileges based on individual users’ duties. It is also vital to regularly revalidate these privileges.
​
Patch Operating Systems - Just as with your applications, your computers and network devices should be patched and updated regularly. Your operating systems are one of the primary ways that cyber criminals can enact further compromise, and systems should therefore be running the latest versions.
​
Multi-Factor Authentication - Multi-Factor Authentication is the practice of using two or more authentication factors to verify a user to a system. When implemented correctly, it significantly strengthens user authentication, thus making it more difficult for cyber adversaries to steal credentials and gain access to the network.
​
Daily Back Ups - In the aftermath of a security incident, it is vital that key information from prior to the incident, including data and configuration settings, is available. Daily back-ups of new/changed data, software and settings facilitate an easier recovery and assist in keeping systems available.