When the Australian Signals Directorate releases an update to its cybersecurity strategies, every business should take note.
When the Australian Signals Directorate (ASD) published its first cybersecurity strategies guide in 2010, it became a reference for many information security professionals around the world.
Why? Because the guide produced by the ASD, an intelligence organisation within Australia’s Department of Defence, is both comprehensive and simple to understand. It clearly identifies the top strategies organisations should prioritise as defences against cybercrime.
The ASD’s February 2017 update, Strategies to Mitigate Cyber Security Incidents, singles out eight strategies, the “Essential Eight”, that it describes as the “cybersecurity baseline for all organisations”. They are grouped by what they achieve: preventing malware from being delivered and executed, limiting the extent of an incident once it has occurred, and recovering data and system availability afterwards.
Given the ASD’s respected reputation in the information security community, it could be well worth talking to your IT or security manager or a consultant to see how its strategies can be applied in your business. According to the ASD, implementing just the first four strategies (its original “Top 4”) mitigates at least 85 per cent of the adversary techniques seen in the targeted intrusions it responds to.
1. Application whitelisting
“A whitelist only allows selected software applications to run on computers. All other software applications are stopped, including malware,” the ASD explains.
This strategy is particularly important for larger organisations, because it ensures that only approved and trusted applications can run, no matter who launches them or how they arrived on the machine. It can be done with an application control tool such as AppLocker, which is included in the enterprise editions of Windows 7, 8 and 10.
It might be overkill for very small businesses, but if you don’t adopt whitelisting, it becomes even more critical to adhere to the fourth strategy, restricting administrative privileges, which at least stops users installing software machine-wide. Be aware that a standard user can still run an executable downloaded into their own profile, which is exactly the gap whitelisting closes.
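As an added example, not taken from the ASD guide or from this article, the following PowerShell builds an AppLocker whitelist from a clean reference machine, sets it to audit mode so unexpected blocks show up in the event log before anything is enforced, and then tests a downloaded file against it. It assumes Windows 10 Enterprise with the AppLocker module, an elevated session, and the placeholder output path C:\AppLocker\policy.xml.

```powershell
# Added example: generate, audit and test an AppLocker whitelist.
# Assumptions: Windows 10 Enterprise, run as administrator,
# C:\AppLocker\policy.xml is an arbitrary output path.
Import-Module AppLocker
$out = 'C:\AppLocker\policy.xml'
New-Item -ItemType Directory -Path (Split-Path $out) -Force | Out-Null

# 1. Inventory executables, scripts and installers already present on the
#    clean reference build. DLL rules are left out: they must be enabled
#    separately and balloon the policy.
$dirs  = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$files = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Publisher rules for signed files (they survive version updates),
#    hash rules as the fallback for unsigned ones, collapsed with -Optimize.
$policy = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in audit mode: every rule collection logs instead of blocking, so a
#    week of AppLocker event logs (Event Viewer > Applications and Services
#    Logs > Microsoft > Windows > AppLocker) shows what would have been denied.
$policy = $policy -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $out -Value $policy

# 4. Ask the policy what it would do with a file a user just downloaded.
#    PolicyDecision is Allowed, Denied or DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $out -Path 'C:\Users\alice\Downloads\invoice.exe' -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Apply locally. The Application Identity service evaluates the rules and
#    must be running (set it to start automatically through Group Policy).
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $out
```

Switch the rule collections from AuditOnly to Enabled only after the audit log has been reviewed; a whitelist that blocks a line-of-business tool on day one is a whitelist that gets turned off.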
2. & 3. Patch applications and operating systems
“Adversaries will use known security vulnerabilities to target computers,” says the ASD. This is why individuals should always install application and OS updates when prompted, or automatically if the software offers this feature.
For organisations, it’s a bit more involved. The second and third strategies require setting up IT processes that ensure operating systems and applications on all computers are updated in a systematic and timely manner.
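“Systematic and timely” only means something if someone measures it; the 2017 guide itself sets a target of 48 hours for patching “extreme risk” vulnerabilities. As an added example, not from the article or the ASD, this PowerShell reports which machines in a list have not received a Windows update within a chosen number of days. It assumes the account running it has remote WMI access to the listed computers; the computer names and the 30-day threshold are placeholders.

```powershell
# Added example: flag computers whose most recent Windows update is too old.
# Assumptions: remote WMI access to each host; names below are placeholders.
$computers  = 'WS-FINANCE-01', 'WS-FINANCE-02', 'FILESERVER'
$maxAgeDays = 30

$report = foreach ($c in $computers) {
    try {
        # Some hotfix records have no InstalledOn date; drop those before sorting.
        $latest = Get-HotFix -ComputerName $c -ErrorAction Stop |
                  Where-Object InstalledOn |
                  Sort-Object InstalledOn -Descending |
                  Select-Object -First 1
        $age = if ($latest) { (Get-Date) - $latest.InstalledOn } else { $null }
        [pscustomobject]@{
            Computer  = $c
            LastPatch = if ($latest) { $latest.InstalledOn.ToShortDateString() } else { 'none found' }
            DaysSince = if ($age) { [int]$age.TotalDays } else { $null }
            # No patch record at all counts as overdue, not as unknown.
            Overdue   = (-not $latest) -or ($age.TotalDays -gt $maxAgeDays)
        }
    }
    catch {
        # An unreachable host is reported as overdue so it is chased, not forgotten.
        [pscustomobject]@{ Computer = $c; LastPatch = 'unreachable'; DaysSince = $null; Overdue = $true }
    }
}

$report | Sort-Object DaysSince -Descending | Format-Table -AutoSize
$report | Where-Object Overdue | Export-Csv -Path .\overdue-patching.csv -NoTypeInformation
```

Get-HotFix only knows about Windows updates, so this covers the third strategy (operating systems) and Office via Windows Update, but not browsers, PDF readers, Flash or Java. Those need the same check against whatever deploys them, which is the point of treating application patching as a separate strategy.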
4. Restrict administrative privileges
“Administrator privileges … should be restricted to only those that need them,” advises the ASD. This means that in Windows, for example, only trusted IT administrators should have administrator accounts; everyone else should have standard accounts, which cannot install software machine-wide or change system-wide settings. The ASD also expects administrators to keep a separate standard account for email and web browsing, so that a malicious attachment opened at lunchtime does not run with the keys to the kingdom.
As the ASD observes: “Admin accounts are the ‘keys to the kingdom’ [and] adversaries use these accounts for full access to information and systems.”
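Privilege creep is the usual way this strategy fails: accounts get added to Administrators to fix a problem and never removed. As an added example, not from the article or the ASD, this PowerShell audits the local Administrators group against an approved list and removes anything else (in -WhatIf mode until the report has been reviewed). It assumes Windows 10 with PowerShell 5.1, an elevated session, and a placeholder approved list; CORP\Workstation Admins is an assumed domain group.

```powershell
# Added example: audit the local Administrators group against an approved list.
# Assumptions: Windows 10 / PowerShell 5.1 LocalAccounts module, run elevated.
# The approved list is a placeholder; CORP\Workstation Admins is an assumed group.
$approved = @("$env:COMPUTERNAME\Administrator", 'CORP\Workstation Admins')

$members = Get-LocalGroupMember -Group 'Administrators'
$members | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# Anyone not on the list, including individual domain users added "just for now".
$rogue = $members | Where-Object { $approved -notcontains $_.Name }
foreach ($m in $rogue) {
    Write-Warning "Unapproved administrator: $($m.Name) ($($m.ObjectClass))"
    # -WhatIf prints what would happen; drop it once the list has been confirmed.
    Remove-LocalGroupMember -Group 'Administrators' -Member $m -WhatIf
}

# The built-in Administrator account should stay disabled; its password is the
# same on every machine built from one image unless something like LAPS manages it.
$builtin = Get-LocalUser -Name 'Administrator'
if ($builtin.Enabled) { Write-Warning 'Built-in Administrator account is enabled' }
```

Run it from a management workstation across the fleet and keep the output: the list of who holds administrative rights, and why, is the evidence an auditor asks for when checking this strategy.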
5. Disable untrusted Microsoft Office macros
Microsoft Office macros are “increasingly being used to enable the download of malware,” according to the guide. So macros should be “secured or disabled” by configuring Office settings to “block macros from the internet, and only allow vetted macros …”
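The setting the ASD is quoting corresponds to a Group Policy option in the Office 2016 administrative templates. As an added example, not from the article or the ASD, this PowerShell applies the same two registry values the policy sets, for Word, Excel and PowerPoint: block macros in files that came from the internet, and disable every macro that is not digitally signed. It assumes Office 2016 or Office 365 (version key 16.0); writing under HKCU\Software\Policies affects the current user and mirrors what the ADMX template writes.

```powershell
# Added example: apply Office macro policy values for the current user.
# Assumptions: Office 2016/365 (registry version 16.0). The same values set
# through Group Policy land under the same Policies keys.
$apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Block macros in documents carrying the Mark-of-the-Web (downloaded, or
    # saved from an email). Users get no "Enable content" button for these.
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord

    # VBAWarnings: 1 = enable all, 2 = disable with notification (product default),
    # 3 = disable all except digitally signed, 4 = disable all without notification.
    # 3 is "only allow vetted macros": sign the ones the business needs.
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 3 -Type DWord
}

# Read the values back so the change can be verified on a test machine.
foreach ($app in $apps) {
    Get-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" |
        Select-Object @{ Name = 'App'; Expression = { $app } },
                      blockcontentexecutionfrominternet, VBAWarnings
}
```

Two caveats a practitioner will want: values written to HKCU can be undone by the user, so deploy them through Group Policy rather than a login script; and macros in Trusted Locations bypass VBAWarnings entirely, so keep the list of trusted folders short and not writable by users.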
6. User application hardening
“Flash, Java and web ads have long been popular ways to deliver malware to infect computers,” the guide explains. What has changed is that the ASD now treats the countermeasure as essential rather than optional: “block web browser access to Adobe Flash player (uninstall if possible), web advertisements and untrusted Java code on the internet.”
7. Multi-factor authentication
This means requiring more than a password for accounts, particularly when accessing important data or performing privileged actions such as system administration. The extra factors should come from different categories: something you know (a password, passphrase or PIN), something you have (a physical token or a software certificate) and something you are (biometric data such as a fingerprint scan). A second password or PIN on its own adds little, because it is stolen the same way the first one was.
8. Daily back-up of important data
Somewhat surprisingly, this wasn’t one of the original essentials, but it is now, possibly due to the rise of ransomware, malicious software that encrypts your files or blocks access to your systems until a ransom is paid.
The ASD stresses the importance of securely storing daily back-ups “offline or otherwise disconnected from computers” because ransomware and other malware can “encrypt, corrupt or delete back-ups that are easily accessible”.
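“Disconnected from computers” is the part most backup scripts get wrong: a NAS share that is permanently mapped under the user’s own account is reachable by any ransomware running as that user. As an added example, not from the article, the ASD, or any vendor’s tooling, this PowerShell connects to the backup share only for the duration of the job, under a dedicated backup account that ordinary users do not hold, copies each day into its own dated folder, verifies the copy, prunes old days and disconnects. It assumes a share named \\nas01\backup, a source folder D:\Shared\Finance, and a credential file C:\Backup\cred.xml created beforehand with Get-Credential | Export-Clixml by the same account that runs the scheduled task.

```powershell
# Added example: daily backup that is connected to the target only while it runs.
# Assumptions: \\nas01\backup is writable only by a dedicated backup account;
# C:\Backup\cred.xml was created by the scheduled task's own account, so it is
# DPAPI-protected and unreadable to other users on the machine.
$source = 'D:\Shared\Finance'
$share  = '\\nas01\backup'
$cred   = Import-Clixml -Path 'C:\Backup\cred.xml'
$stamp  = Get-Date -Format 'yyyy-MM-dd'
$dest   = "$share\Finance\$stamp"
$log    = "C:\Backup\logs\$stamp.log"
$keep   = 30   # days of daily copies kept on the NAS

# Authenticate this logon session to the share. Nothing is left mapped
# afterwards, so a user or malware looking for a drive letter finds none.
New-PSDrive -Name BK -PSProvider FileSystem -Root $share -Credential $cred -ErrorAction Stop | Out-Null
try {
    # A fresh folder per day: a file encrypted today is copied beside
    # yesterday's good copy, never over it (no /MIR into a single folder).
    robocopy $source $dest /E /COPY:DAT /R:2 /W:5 /NP /LOG:$log | Out-Null
    # robocopy exit codes below 8 are success variants; 8 and above mean failures.
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE, see $log" }

    # Verify: every file at the source must have arrived.
    $srcCount = (Get-ChildItem -Path $source -Recurse -File).Count
    $dstCount = (Get-ChildItem -Path $dest   -Recurse -File).Count
    if ($srcCount -ne $dstCount) {
        throw "File count mismatch: $srcCount at source, $dstCount at destination"
    }

    # Prune daily folders older than the retention window.
    Get-ChildItem -Path "$share\Finance" -Directory |
        Where-Object { ($_.Name -as [datetime]) -and ([datetime]$_.Name) -lt (Get-Date).AddDays(-$keep) } |
        Remove-Item -Recurse -Force
}
finally {
    Remove-PSDrive -Name BK -Force
}
```

Because the job can delete old folders, the backup account itself can destroy backups, which is why the NAS should also keep its own snapshots or replicate to a unit that is physically disconnected. The script protects against ransomware running as a user; only an offline copy protects against an attacker who has taken the backup account.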
A security information and event management (SIEM) solution such as Splunk may not be essential, but it’s highly recommended by the ASD for “continuous incident detection and response”.
A daily back-up is essential, but to mitigate ransomware the back-up must go to a location that can be disconnected from the network, such as the QNAP TS-451 NAS (network attached storage).
Network security appliances, such as the WatchGuard Firebox T50, provide advanced protection for small businesses, including an option for web content filtering.