When it comes to cyber security, there’s both good and bad news.
Let’s start with the bad news: Cyber-crime rates have never been higher. The latest ACSC Threat Intelligence Report shows that nearly 94,000 cyber-crime incidents were reported over the previous financial year. With the average cost of a cyber-crime for a medium-sized business now exceeding $97,200, it’s not surprising many organisations are looking for ways to rapidly boost their cyber resilience.
However, it’s not all doom and gloom.
The good news is that most cyber-crime is NOT highly sophisticated. Most cyber-criminals are opportunists on the hunt to make a quick buck. Of course there are sophisticated cyber-criminals out there using advanced tactics, techniques, and procedures to target their victims. But they are not the majority.
So, what does this mean for your business?
Put simply, any organisation looking to develop and implement a cyber security strategy for the first time should focus on measures that prevent low-level cyber-crime. By directing limited resources in this way, organisations can avoid becoming a victim of the most common types of cyber-crime.
In this blog, we focus on what it takes to rapidly align to the Essential Eight’s Maturity Level One (ML1).
What is the ASD Essential 8?
The Essential Eight is a cyber security framework developed by the Australian Cyber Security Centre (ACSC) to help organisations mitigate cyber threats and enhance their cyber security posture.
It consists of eight key strategies that are considered essential for improving an organisation’s resilience against cyber-attacks. These strategies are based on the most common methods used by cyber-criminals to compromise systems and data.
Within the Essential Eight framework there are four maturity levels, from Maturity Level Zero (no security posture) through to Maturity Level Three (able to defend against highly sophisticated cyber-attacks).
For most medium-sized businesses, aligning with Maturity Level One offers strong protection against the most common types of cyber-crimes you are likely to confront.
What is the E8 Maturity Level 1?
Maturity Level One, or ML1, focuses on preventing the most common types of cyber-criminals, i.e., those who are not highly skilled. These are the cyber-criminals that continuously scan the internet for any opportunities they can quickly and easily exploit. They are the bottom feeders of the cyber-crime world.
By aligning with the Essential Eight’s ML1, you will ensure that your organisation has a solid cyber security foundation in place. Not only will you prevent the most common types of cyber-crime, but you will also be in a strong position to build upon those foundations in the future, thereby further uplifting your cyber maturity over time to prevent even more advanced cyber threats.
Furthermore, cyber insurance often mandates that policyholders need to demonstrate they are taking active measures to uplift their cyber-resilience. By aligning with the Essential Eight’s ML1, you can demonstrate that you have the fundamentals of cyber-resiliency in place that will protect your organisation from the most common types of cyber-attacks.
How to quickly align with Essential Eight Maturity Level One?
Let’s go through the eight key strategies of the Essential Eight and what measures you can implement to align with Maturity Level One:
1- APPLICATION CONTROL
Many cyber-attacks occur due to security vulnerabilities in applications. It is essential to ensure that all the applications used in your organisation are secure. But do you even know which applications are being used in your organisation?
One of the most important measures you can take to reach Maturity Level One is to limit staff access to approved applications that are known to be secure.
This can be achieved through using application whitelisting platforms.
These platforms allow you to create a list of approved applications. Any applications not listed will be blocked from your organisation’s computers or servers.
To create a list of approved applications, start by engaging staff across your organisation and do an audit of all the applications they are using. Then categorise the applications on a scale of 1 (nice-to-have) to 5 (business critical).
Starting from category 5, assess each application’s risk profile, including the level of functionality, integration with other systems, and access to sensitive data. Applications that pose a high level of risk should be scanned for vulnerabilities, and possibly pen tested. Also ensure that the applications are configured correctly, and privileged access is restricted to authorised individuals.
By ensuring that only secure applications are approved for use in your organisation, you can significantly increase your cyber-resilience.
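The audit described above starts with knowing what is actually installed. The following script is an added example, not code from the original post or from Virtuelle: it reads the installed-programs entries that Windows keeps in the registry on one machine and writes a CSV with the columns the audit needs, including an empty Category column for the 1 (nice-to-have) to 5 (business critical) rating. It assumes Windows PowerShell 5.1 or later with local administrator rights; the function names and the `-KnownApproved` parameter are this example's own.

```powershell
# Added example (not from the original post): inventory installed applications
# from the Windows uninstall registry keys and export an audit sheet.
# Assumes Windows PowerShell 5.1+ and local administrator rights.

function Get-InstalledApplication {
    # Both the 64-bit and 32-bit (WOW6432Node) hives list machine-wide installs;
    # the HKCU key catches per-user installs that machine-wide inventories miss.
    $uninstallKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.DisplayName.Trim()
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate   # yyyyMMdd when the installer recorded it
                Scope       = if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'User' } else { 'Machine' }
            }
        } |
        Sort-Object Name, Version -Unique
}

function Export-ApplicationAudit {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [string[]]$KnownApproved = @()   # names already on your approved list (hypothetical parameter)
    )
    $apps = Get-InstalledApplication | ForEach-Object {
        # Blank fields are for the business owners to fill in during the audit.
        [pscustomobject]@{
            Computer             = $env:COMPUTERNAME
            Name                 = $_.Name
            Version              = $_.Version
            Publisher            = $_.Publisher
            Scope                = $_.Scope
            Approved             = [bool]($KnownApproved -contains $_.Name)
            Category             = ''   # 1 = nice-to-have ... 5 = business critical
            HandlesSensitiveData = ''
            Owner                = ''
        }
    }
    $apps | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    return $apps
}

# Usage: run on each workstation (locally or over remoting) and merge the CSVs.
# $audit = Export-ApplicationAudit -Path "$env:COMPUTERNAME-apps.csv" -KnownApproved @('Microsoft 365 Apps for enterprise')
# $audit | Where-Object { -not $_.Approved } | Format-Table Name, Version, Publisher, Scope
```

The `Scope` column matters for application control: per-user installs land in the user's profile, which is exactly where an allowlist built only from `C:\Program Files` will have gaps. Once the approved list exists, the enforcement itself is done by the application control tool (AppLocker, Windows Defender Application Control, or a third-party product), not by this script.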
2- PATCH APPLICATIONS
Once you have restricted access to secure applications only, you need to ensure that your applications continue to remain secure. This is where patching comes in.
A patch is an update to an application’s code that is designed to fix identified security bugs or improve the application’s functionality. By rapidly rolling out security patches as soon as developers make them available, an organisation can stay one step ahead of cyber-criminals who are hunting for unpatched applications they can exploit.
Develop and implement a patching process for your organisation. Ensure that at least one individual is accountable for ensuring that security patches are rolled out as quickly as possible, especially those patches that are designed to fix critical vulnerabilities in applications.
Consider designating a specific date each month when applications will be patched.
Ideally, all security patches would be rolled out immediately upon being made available. However, this might be a challenge depending on the volume of patches and applications involved. Therefore, you should ensure that critical vulnerabilities are given top priority, while other security patches are rolled out as soon as practicable.
3- CONFIGURE MICROSOFT OFFICE MACROS
If, like most organisations, you use Microsoft Office applications such as Word, Excel and PowerPoint, then you need to be cautious around the use of macros.
What is a macro? Macros are a feature within Microsoft Office applications that allow users to automate a range of repetitive actions. Macros allow users to save a considerable amount of time.
However, cyber-criminals can also take advantage of macros by embedding hidden malicious code into files, such as Excel or Word documents. Because macros can run automatically, they may trigger the execution of malware in your environment, without you realising it until it is too late.
It is important to ensure that macros are deactivated in your organisation unless a staff member can demonstrate an important reason why they need macros. Your IT team should be making use of tools to block macros.
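The two settings that do most of the work here are the ones Group Policy writes for each Office application: the macro security level and the block on macros in files downloaded from the internet. The script below is an added example, not code from the original post or from Virtuelle. It audits those values for Word, Excel and PowerPoint for the current user and can set them where no Group Policy is available. It assumes Office 2016, 2019 or Microsoft 365 Apps (policy version key `16.0`); the function name and the `-Remediate` switch are this example's own.

```powershell
# Added example (not from the original post): audit, and optionally enforce,
# the Office macro policy values for the current user.
# VBAWarnings 4 = "Disable all macros without notification"
# blockcontentexecutionfrominternet 1 = "Block macros from running in Office files from the Internet"
# Assumes Office 2016/2019/365 (registry policy version "16.0").

$OfficeApps = 'Word', 'Excel', 'PowerPoint'
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Test-OfficeMacroPolicy {
    param([switch]$Remediate)
    foreach ($app in $OfficeApps) {
        $key    = Join-Path $PolicyRoot "$app\Security"
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A missing value means no policy is enforced and Office falls back to its
        # default, which lets a user enable macros with one click, so treat it as a gap.
        $vbaWarnings   = if ($values) { $values.VBAWarnings } else { $null }
        $blockInternet = if ($values) { $values.blockcontentexecutionfrominternet } else { $null }

        $compliant = ($vbaWarnings -eq 4) -and ($blockInternet -eq 1)
        if ($Remediate -and -not $compliant) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
            Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
            $compliant = $true
        }
        [pscustomobject]@{
            Application         = $app
            VBAWarnings         = $vbaWarnings
            BlockInternetMacros = $blockInternet
            Compliant           = $compliant
        }
    }
}

# Report only (run in the context of the user whose policy you are checking):
# Test-OfficeMacroPolicy | Format-Table
# Enforce on a stand-alone machine where Group Policy is not available:
# Test-OfficeMacroPolicy -Remediate
```

In a domain, set these through Group Policy rather than with `-Remediate`, because the policy hive is rewritten at every policy refresh. For the small number of staff who can demonstrate a business need, `VBAWarnings` value 3 ("disable all except digitally signed macros") is the usual compromise: their approved macros are signed and everything else still fails to run.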
4- APPLICATION HARDENING
Keep your applications simple. Applications that perform a limited number of functions are easier to protect than complex applications that perform multiple functions. As functionality increases, there is a need for more complex code, which could unwittingly introduce more security vulnerabilities.
By deactivating application functionality that is not required, a process known as ‘hardening,’ you are reducing the number of potential security vulnerabilities that cyber-criminals could exploit.
Some basic hardening measures you can take include disabling applications’ ability to run Flash or JavaScript, as these features are commonly abused by exploits.
5- RESTRICT ADMINISTRATIVE PRIVILEGES
Staff should only be able to access the systems and data required to do their job. This is known as the principle of least privilege (PoLP).
PoLP is important because if a user account with admin privileges is compromised, the cyber-criminals could access large quantities of sensitive data, manipulate configurations and bypass security settings. By restricting the number of users with admin privileges, the risk of a breach having catastrophic consequences for the organisation is reduced.
Start by undertaking a review of all the systems in your organisation and ensure that user profiles are configured correctly with appropriate privileges. Also, make sure procedures are in place to rapidly deactivate any user accounts whenever a staff member leaves the organisation.
It is also important to have procedures in place to regularly review user profiles to ensure they remain configured correctly over time.
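The review described in this section has two concrete questions: who holds administrator rights, and which enabled accounts are no longer used. The script below is an added example, not code from the original post or from Virtuelle. It answers both for the local accounts on one Windows machine and assumes the LocalAccounts module that ships with Windows 10 and Windows Server 2016 or later, run with administrator rights. The function name, the `-ExpectedAdmins` list and the 90-day threshold are this example's own assumptions.

```powershell
# Added example (not from the original post): review local administrator
# membership and enabled-but-unused local accounts on a Windows machine.
# Assumes the LocalAccounts module (Windows 10 / Server 2016+) and admin rights.

function Get-PrivilegeReview {
    param(
        [int]$StaleDays = 90,                          # assumed threshold, set to your own policy
        [string[]]$ExpectedAdmins = @('Administrator') # accounts you have approved as admins
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # Members of the local Administrators group, including domain users and groups.
    $admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $shortName = $_.Name.Split('\')[-1]
        [pscustomobject]@{
            Finding   = if ($ExpectedAdmins -contains $shortName) { 'ApprovedAdmin' } else { 'UnapprovedAdmin' }
            Account   = $_.Name
            Type      = $_.ObjectClass        # User or Group
            Source    = $_.PrincipalSource    # Local, ActiveDirectory, AzureAD
            LastLogon = $null
        }
    }

    # Enabled local accounts that have never logged on, or not within the window.
    $stale = Get-LocalUser | Where-Object {
        $_.Enabled -and ($null -eq $_.LastLogon -or $_.LastLogon -lt $cutoff)
    } | ForEach-Object {
        [pscustomobject]@{
            Finding   = 'StaleEnabledAccount'
            Account   = "$env:COMPUTERNAME\$($_.Name)"
            Type      = 'User'
            Source    = 'Local'
            LastLogon = $_.LastLogon
        }
    }

    @($admins) + @($stale) | Sort-Object Finding, Account
}

# Usage: list what needs action. Stale accounts are disabled, not deleted, so a
# mistaken finding can be reversed; drop -WhatIf once the list has been reviewed.
# $review = Get-PrivilegeReview -StaleDays 90 -ExpectedAdmins 'Administrator', 'it-admin'
# $review | Where-Object Finding -ne 'ApprovedAdmin' | Format-Table
# $review | Where-Object Finding -eq 'StaleEnabledAccount' |
#     ForEach-Object { Disable-LocalUser -Name $_.Account.Split('\')[-1] -WhatIf }
```

A group appearing in the Administrators membership (Type `Group`) is the finding to look at first: every member of that group, present and future, is an administrator on the machine, so the review has to follow the group into Active Directory rather than stop at the local list.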
6- PATCH OPERATING SYSTEMS
Whatever Operating System (OS) runs the computers in your organisation, it is essential to ensure that they are always updated with the latest security patches.
Just like other applications, security vulnerabilities are routinely identified in Operating Systems. As soon as patches are developed to fix these vulnerabilities, you should ensure that the OS is updated so that you will be protected from cyber-criminals who are seeking to exploit those vulnerabilities.
One of the most effective ways to achieve this is by automating OS updates, particularly on endpoints. Make sure staff understand that they should not delay rebooting their computers when prompted to do so.
When it comes to security updates for servers, designate a specific time each month for your IT team to test and roll-out security patches.
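Both the application patching section and this one come down to the same monthly question: what is missing on this machine, and which of it is critical? The script below is an added example, not code from the original post or from Virtuelle. It lists updates the Windows Update Agent considers applicable but not installed, ordered critical first, with how long each has been available, so the "critical first, the rest as soon as practicable" rule can be checked rather than assumed. It uses the Windows Update Agent COM interface, so it covers Windows and the Microsoft products delivered through Windows Update (or WSUS); third-party applications need their own check. It assumes Windows PowerShell 5.1 or later; the function names and the deadline parameters are this example's own.

```powershell
# Added example (not from the original post): report missing security updates
# on the local machine, ordered by Microsoft severity rating.
# Assumes Windows PowerShell 5.1+ and access to the configured update source.

function Get-MissingUpdate {
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    # Applicable to this machine, not installed, and not hidden by an administrator.
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

    $severityRank = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3 }
    foreach ($u in $result.Updates) {
        $severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        [pscustomobject]@{
            Severity     = $severity
            Rank         = if ($severityRank.ContainsKey($severity)) { $severityRank[$severity] } else { 4 }
            Title        = $u.Title
            KB           = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Released     = $u.LastDeploymentChangeTime
            DaysMissing  = [int]((Get-Date) - $u.LastDeploymentChangeTime).TotalDays
            RebootNeeded = $u.RebootRequired
        }
    }
}

function Get-PatchSummary {
    # Deadlines are placeholders: set them to whatever your patching process commits to.
    param([int]$CriticalDeadlineDays = 2, [int]$OtherDeadlineDays = 30)
    $missing = Get-MissingUpdate | Sort-Object Rank, Released
    $overdue = $missing | Where-Object {
        ($_.Severity -eq 'Critical' -and $_.DaysMissing -gt $CriticalDeadlineDays) -or
        ($_.Severity -ne 'Critical' -and $_.DaysMissing -gt $OtherDeadlineDays)
    }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        MissingTotal    = @($missing).Count
        MissingCritical = @($missing | Where-Object Severity -eq 'Critical').Count
        Overdue         = @($overdue)
    }
}

# Usage on the monthly patch day, or from a scheduled task that emails the result:
# Get-PatchSummary | Format-List
# Get-MissingUpdate | Sort-Object Rank, Released | Format-Table Severity, DaysMissing, KB, Title
```

`RebootNeeded` is worth surfacing in the report: an update that has been downloaded but is waiting on a reboot still shows as not installed, which is the situation the advice about not delaying reboots is meant to avoid.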
7- MULTI-FACTOR AUTHENTICATION
Compromised passwords are one of the most significant security risks.
Many people create weak passwords and routinely re-use the same passwords across multiple systems. The dark web is awash with billions of compromised passwords that cyber-criminals use to compromise systems.
That’s where Multi-Factor Authentication (MFA) comes in.
MFA is one of the most effective measures to prevent cyber-criminals from accessing systems with compromised passwords. Users wishing to access a system need to verify their identity using two or more pieces of evidence, including:
- Something they know (such as their password)
- Something they have (such as a one-time code sent to their mobile phone)
- Something they are (such as their fingerprint)
Ensuring that MFA is activated on all systems is one of the most effective ways to strengthen your organisation’s cyber-resilience.
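To make the "something they have" factor concrete, the following is an added example, not code from the original post or from Virtuelle: a minimal verifier for the time-based one-time code (TOTP, RFC 6238) that an authenticator app produces. The phone and the server share a secret, and each 30-second window yields a fresh six-digit code derived from that secret and the clock, which is why a password stolen from a breach dump is not enough on its own. It is written to show the mechanism; a production deployment uses a vetted identity provider, not this script. It assumes Windows PowerShell 5.1 or PowerShell 7, and the function names are this example's own.

```powershell
# Added example (not from the original post): a TOTP (RFC 6238) code generator
# and verifier, to illustrate the possession factor. Educational only.

function ConvertFrom-Base32 {
    # Authenticator apps receive the shared secret as base32 text.
    param([Parameter(Mandatory)] [string]$Base32)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
    $bits = [System.Text.StringBuilder]::new()
    foreach ($c in $Base32.ToUpperInvariant().TrimEnd('=').ToCharArray()) {
        $index = $alphabet.IndexOf($c)
        if ($index -lt 0) { throw "Invalid base32 character '$c'" }
        [void]$bits.Append([Convert]::ToString($index, 2).PadLeft(5, '0'))
    }
    $bitString = $bits.ToString()
    $bytes = [System.Collections.Generic.List[byte]]::new()
    for ($i = 0; $i + 8 -le $bitString.Length; $i += 8) {
        $bytes.Add([Convert]::ToByte($bitString.Substring($i, 8), 2))
    }
    return $bytes.ToArray()
}

function Get-TotpCode {
    param(
        [Parameter(Mandatory)] [byte[]]$Secret,
        [long]$UnixTime = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds(),
        [int]$StepSeconds = 30,
        [int]$Digits = 6
    )
    # RFC 6238: counter = floor(time / step), then HOTP (RFC 4226) over the counter.
    $counter = [long][math]::Floor($UnixTime / $StepSeconds)
    $message = [BitConverter]::GetBytes($counter)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($message) }   # big-endian per RFC
    $hmac = [System.Security.Cryptography.HMACSHA1]::new($Secret)
    $hash = $hmac.ComputeHash($message)
    # Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
    $offset = $hash[$hash.Length - 1] -band 0x0F
    $binary = (([int]$hash[$offset] -band 0x7F) -shl 24) -bor
              ([int]$hash[$offset + 1] -shl 16) -bor
              ([int]$hash[$offset + 2] -shl 8) -bor
              [int]$hash[$offset + 3]
    $modulus = [int][math]::Pow(10, $Digits)
    return ($binary % $modulus).ToString().PadLeft($Digits, '0')
}

function Test-TotpCode {
    param(
        [Parameter(Mandatory)] [string]$Base32Secret,
        [Parameter(Mandatory)] [string]$SubmittedCode,
        [long]$UnixTime = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds(),
        [int]$AllowedSkewSteps = 1   # accept the previous and next window to tolerate clock drift
    )
    $secret = ConvertFrom-Base32 $Base32Secret
    foreach ($skew in -$AllowedSkewSteps..$AllowedSkewSteps) {
        $expected = Get-TotpCode -Secret $secret -UnixTime ($UnixTime + $skew * 30)
        # A real verifier also records used codes so the same code cannot be replayed
        # inside its window, and rate-limits attempts.
        if ($expected -eq $SubmittedCode) { return $true }
    }
    return $false
}

# Usage with a constructed secret (not a real one):
# $code = Get-TotpCode -Secret (ConvertFrom-Base32 'JBSWY3DPEHPK3PXP')
# Test-TotpCode -Base32Secret 'JBSWY3DPEHPK3PXP' -SubmittedCode $code
```

`Get-TotpCode` can be checked against the test vectors in RFC 6238 Appendix B (the ASCII secret `12345678901234567890`, expressed in base32, at the listed timestamps). The `-UnixTime` parameter exists so those fixed timestamps can be supplied instead of the current clock.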
8- REGULAR BACKUPS
Cyber-resilience is about more than preventing cyber-attacks. You also need to be able to recover quickly should a cyber-attack occur.
That’s why backing-up your critical data is so important.
With attacks like ransomware on the rise, you need to ensure that your business can continue operating, even if cyber-criminals steal or block access to your data. Backups allow you to quickly restore your files and systems, limiting the damage that a cyber-attack can inflict on your business.
Critical data should be backed up on a regular basis, preferably daily. The data should be stored in a totally separate system. Set up a process to regularly monitor backups to ensure they are occurring as intended. Verify that backed-up data is accurate and readily recoverable.
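The monitoring and verification described in the last paragraph can be scripted rather than left to a manual glance at the backup console. The following is an added example, not code from the original post or from Virtuelle. At the end of each backup job it records a SHA-256 manifest of the backup set; a later run then checks that the backup is recent, that every recorded file is still present and unchanged, and that a random sample of files can actually be restored to a scratch folder and re-hashed. It assumes the backup copy lives on a separate system reachable as a path (a UNC share or mounted volume) with read access; the function names, the 26-hour age limit and the sample size are this example's own assumptions.

```powershell
# Added example (not from the original post): verify that a backup set is
# recent, intact (per-file SHA-256) and restorable (sample copy-back test).
# Assumes the backup is reachable as a file path with read access.

function New-BackupManifest {
    param([Parameter(Mandatory)] [string]$BackupRoot,
          [Parameter(Mandatory)] [string]$ManifestPath)
    $root = (Resolve-Path -Path $BackupRoot).ProviderPath.TrimEnd('\')
    $entries = Get-ChildItem -Path $root -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length + 1)
            Sha256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Length       = $_.Length
        }
    }
    [pscustomobject]@{
        BackupRoot = $root
        CreatedUtc = (Get-Date).ToUniversalTime().ToString('o')
        FileCount  = @($entries).Count
        Files      = @($entries)
    } | ConvertTo-Json -Depth 4 | Set-Content -Path $ManifestPath -Encoding UTF8
}

function Test-Backup {
    param([Parameter(Mandatory)] [string]$ManifestPath,
          [int]$MaxAgeHours = 26,        # assumed limit: a daily backup should never be older than this
          [int]$RestoreSample = 5,
          [string]$RestoreScratch = (Join-Path $env:TEMP 'restore-test'))
    $manifest = Get-Content -Path $ManifestPath -Raw | ConvertFrom-Json
    $created  = [datetime]::Parse($manifest.CreatedUtc).ToUniversalTime()
    $ageHours = ((Get-Date).ToUniversalTime() - $created).TotalHours
    $problems = [System.Collections.Generic.List[string]]::new()

    # 1. Did the backup job run recently?
    if ($ageHours -gt $MaxAgeHours) { $problems.Add("Backup is $([int]$ageHours) h old") }

    # 2. Is every recorded file still there with the same content?
    foreach ($f in $manifest.Files) {
        $path = Join-Path $manifest.BackupRoot $f.RelativePath
        if (-not (Test-Path $path)) { $problems.Add("Missing: $($f.RelativePath)"); continue }
        if ((Get-FileHash -Path $path -Algorithm SHA256).Hash -ne $f.Sha256) {
            $problems.Add("Changed: $($f.RelativePath)")
        }
    }

    # 3. Can a sample actually be restored? Copy back and re-hash the copies.
    New-Item -ItemType Directory -Path $RestoreScratch -Force | Out-Null
    $sampleSize = [math]::Min($RestoreSample, @($manifest.Files).Count)
    foreach ($f in ($manifest.Files | Get-Random -Count $sampleSize)) {
        $src = Join-Path $manifest.BackupRoot $f.RelativePath
        $dst = Join-Path $RestoreScratch ($f.RelativePath -replace '[\\/]', '_')
        if (Test-Path $src) {
            Copy-Item -Path $src -Destination $dst -Force
            if ((Get-FileHash -Path $dst -Algorithm SHA256).Hash -ne $f.Sha256) {
                $problems.Add("Restore failed: $($f.RelativePath)")
            }
        }
    }

    [pscustomobject]@{
        Manifest     = $ManifestPath
        AgeHours     = [math]::Round($ageHours, 1)
        FilesChecked = @($manifest.Files).Count
        Healthy      = ($problems.Count -eq 0)
        Problems     = $problems.ToArray()
    }
}

# Usage (constructed paths, adjust to your environment):
# New-BackupManifest -BackupRoot '\\backup-host\daily\finance' -ManifestPath 'C:\backup-checks\finance.json'
# Test-Backup -ManifestPath 'C:\backup-checks\finance.json' | Format-List
```

Run `New-BackupManifest` as the final step of the backup job and `Test-Backup` from a scheduled task on a different machine; a manifest that is older than `MaxAgeHours` then means the job itself did not complete. Keep the manifest somewhere the backup host cannot write to, since a backup that has been encrypted by ransomware along with its manifest will verify as healthy.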
How can Virtuelle help?
There are numerous measures associated with aligning to the Essential Eight’s Maturity Level One. For busy IT teams, implementing all these measures can be daunting. They may not even know where to begin.
That’s where an Essential Eight Maturity Level One strategy comes in.
With an ML1 strategy that is customised to the unique circumstances of your organisation, your IT team will have a clear roadmap of measures they should take that will help them quickly align to ML1.
Virtuelle Security’s Essential 8 Consulting Team will work closely with your organisation to understand the cyber-risks you confront, as well as your existing capabilities and constraints. We will develop a customised roadmap that helps uplift your cyber-resilience so you can quickly get to Essential Eight’s Maturity Level One.
Contact us today for a free consultation and learn how Virtuelle Security can help protect your organisation.