No matter your organization’s maturity, industry, or business goals, cybersecurity should always be top of mind. The Australian Cyber Security Centre (ACSC) recorded more than 76,000 cybercrime reports in the 2022 financial year, so it is safe to say that every organization is at risk of an incident or breach.
Of course, implementing cybersecurity controls and building a strong security posture is easier said than done; it is a long journey with financial, logistical, human, and business obstacles along the way. Thankfully, the ACSC is here to help. It has developed the Essential Eight, a prioritized set of mitigation strategies organizations should implement to build cyber resilience and reduce both the likelihood and the impact of cyber attacks.
The eight strategies are grouped by objective: preventing attacks, limiting the extent of incidents, and recovering data and system availability. Each is assessed against four maturity levels, from Maturity Level 0, which signifies weaknesses in the organization’s overall cybersecurity posture, to Maturity Level 3, which targets adversaries that are more adaptive and more skilled at exploiting their target’s weaknesses. Although the Essential Eight is written for Microsoft Windows-based networks, many of the mitigation strategies can be applied to other operating systems.
What Are the Essential Eight Mitigation Strategies?
1. Application Controls
Application control protects your systems against malicious code by allowing only an approved, trusted set of programs to execute within your environment. Everything else, including unknown executables, software libraries, scripts, and installers, is blocked regardless of who launched it. The control applies to workstations and servers alike.
Application control limits the impact of an attack even when the malware involved is brand new. Because new malware is created and discovered every day, security tools that depend on recognising known malicious code struggle to keep up; an allowlist does not need to recognise the malware at all, it only needs to know what is approved.
2. Application Patching
Patching applications means applying the updates a vendor releases to fix bugs, close security holes, or add features, so that threat actors cannot use known flaws to gain access to systems and sensitive information. Once a vendor releases a patch, it should be applied within a timeframe commensurate with the organization’s exposure to the vulnerability it fixes.
The number of software vulnerabilities disclosed each year keeps growing, and each one is a potential entry point into your environment. Security patches should be applied as soon as possible, because attackers actively develop exploits for newly disclosed flaws and scan for unpatched systems to target.
3. Microsoft Office Macro Configurations
Microsoft Office macros are sets of programming instructions, written in Visual Basic for Applications (VBA), that automate repetitive and standardized tasks inside Office documents. That is useful, legitimate functionality, but the same capability has long been used as a vehicle for malware. This strategy is about configuring how Office handles macros: blocking macros in files that originate from the internet, allowing only vetted or trusted-publisher-signed macros for users with a demonstrated business need, scanning macros with antivirus, and preventing users from changing these settings themselves.
Macro malware hides inside ordinary-looking Office files. A document that carries a built-in macro can run code as soon as the user enables content, and malware authors have used exactly this route to compromise the operating environments of both large and small organizations.
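The following is an added example written for this article; it is not code from Arctic Wolf or the ACSC. It shows how a mail gateway or endpoint script can tell whether an Office Open XML file actually carries a VBA project, instead of trusting the file extension. The sample documents it builds are constructed in memory for the demonstration and are not real Office files; the part names and content type it looks for are the ones Office itself uses.

```python
"""Check Office Open XML files for embedded VBA macros.

Added example for this article; it is not code from Arctic Wolf or the ACSC.
Modern Office files (.docx/.docm, .xlsx/.xlsm, .pptx/.pptm) are ZIP archives.
A VBA project is stored as a binary part, normally word/vbaProject.bin,
xl/vbaProject.bin or ppt/vbaProject.bin, and is declared in
[Content_Types].xml with the content type
application/vnd.ms-office.vbaProject. Checking both the part names and the
content-type declaration is more reliable than trusting the file extension.
Legacy binary formats (.doc/.xls) are OLE compound files and need an OLE
parser such as oletools' olevba instead; they are out of scope here.
"""
import io
import os
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def find_macros(data: bytes) -> dict:
    """Inspect raw file bytes; report which VBA parts exist and whether one is declared."""
    result = {"is_ooxml": False, "vba_parts": [], "declared": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result                         # not a ZIP, so not OOXML
    names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return result                         # a ZIP, but not an Office package
    result["is_ooxml"] = True
    result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    result["declared"] = VBA_CONTENT_TYPE in content_types
    return result


def verdict(filename: str, data: bytes) -> str:
    """Classify a file: clean, macro, macro-hidden-extension, or not-ooxml."""
    info = find_macros(data)
    if not info["is_ooxml"]:
        return "not-ooxml"
    if info["vba_parts"] or info["declared"]:
        ext = os.path.splitext(filename)[1].lower()
        # A macro inside a file named .docx/.xlsx is a red flag: the sender
        # is relying on the extension to look harmless.
        return "macro" if ext in MACRO_ENABLED_EXTS else "macro-hidden-extension"
    return "clean"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal Word-like OOXML package in memory (test data, not a real document)."""
    override = (
        f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        if with_macro else ""
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f"{override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Stand-in for a compiled VBA project: OLE magic bytes plus padding.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("quarterly.docx", build_sample(False)),
                       ("invoice.docm", build_sample(True)),
                       ("invoice.docx", build_sample(True)),
                       ("notes.txt", b"plain text, not a package")]:
        print(f"{name:16} {verdict(name, blob)}")
```

The `macro-hidden-extension` verdict is the one worth alerting on: a macro-enabled document that has been renamed to look like a plain `.docx` is a common way to get past filters that only look at extensions.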
4. Harden User Applications
User application hardening reduces the attack surface of the applications users interact with every day, such as web browsers, Microsoft Office, and PDF readers, by disabling or removing functionality that attackers commonly abuse. This limits the ability of would-be attackers to use the Windows operating environment in undesired ways.
Application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organization’s applications. By hardening user applications, you minimize the risk of cyber attacks, protecting your business and data from malicious actors.
5. Restrict Administrative Privileges
If an attacker gains administrative privileges, they hold the proverbial “keys to the kingdom.”
Restricting administrative privileges to the staff and tasks that genuinely need them means that a compromised account, even an administrator’s, gives the attacker only a limited set of rights, making it harder to move further into the environment and steal data. Administrators should use separate privileged accounts for administrative work and unprivileged accounts for day-to-day activities such as email and web browsing, and privileged accounts should be blocked from those activities entirely. Giving every administrator an individual, attributable account also means you can log exactly what each one does and audit it should an investigation occur.
6. Patch Operating Systems
Patching operating systems is fundamental to secure systems. The goal is to ensure that patches, updates, and vendor mitigations are promptly applied to workstations, servers, and network devices. Time is of the essence: for critical vulnerabilities on internet-facing systems, a patch should be deployed within 48 hours of the vendor releasing it.
Attackers take advantage of known weaknesses in unpatched systems; it is one of the most common ways organizations are successfully compromised.
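Both patching strategies (applications and operating systems) come down to the same question: is every released patch installed within the window your exposure allows? The following is an added example written for this article, not Arctic Wolf or ACSC code, that checks a patch inventory against such a policy. The 48-hour window for critical vulnerabilities on internet-facing systems is the figure given above; the other windows, the inventory, the hostnames, and the release dates are constructed for the example and labelled as assumptions in the code.

```python
"""Patch-timeliness checker for application and operating-system patches.

Added example for this article, not Arctic Wolf or ACSC code. The 48-hour
window for critical vulnerabilities on internet-facing systems is the figure
given in the text; the other windows below are assumed policy parameters for
this example (the ACSC maturity model uses two-week and one-month windows for
less urgent patches) and should be replaced with your organization's own.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

CRITICAL_EXPOSED = timedelta(hours=48)  # from the article
CRITICAL_INTERNAL = timedelta(days=14)  # assumed
ROUTINE_EXPOSED = timedelta(days=14)    # assumed
ROUTINE_INTERNAL = timedelta(days=30)   # assumed


@dataclass
class PatchRecord:
    host: str
    component: str               # application or operating system
    released: datetime           # when the vendor published the patch
    applied: Optional[datetime]  # when it was installed; None if still missing
    internet_facing: bool
    critical: bool               # vendor-rated critical, or a working exploit exists


def deadline(rec: PatchRecord) -> datetime:
    """Latest acceptable install time, based on exposure and severity."""
    if rec.internet_facing:
        window = CRITICAL_EXPOSED if rec.critical else ROUTINE_EXPOSED
    else:
        window = CRITICAL_INTERNAL if rec.critical else ROUTINE_INTERNAL
    return rec.released + window


def status(rec: PatchRecord, now: datetime) -> str:
    """on-time / late for installed patches; pending / overdue for missing ones."""
    due = deadline(rec)
    if rec.applied is not None:
        return "on-time" if rec.applied <= due else "late"
    return "overdue" if now > due else "pending"


def overdue(records, now: datetime):
    """Missing patches past their deadline, most overdue first, with how long overdue."""
    late = [r for r in records if status(r, now) == "overdue"]
    late.sort(key=deadline)
    return [(r.host, r.component, now - deadline(r)) for r in late]


# Constructed inventory for the example: hosts, dates and install times are invented.
SAMPLE = [
    PatchRecord("web01", "nginx", datetime(2024, 3, 1, 9), None, True, True),
    PatchRecord("web01", "Windows Server 2022", datetime(2024, 3, 1, 9), datetime(2024, 3, 2, 18), True, True),
    PatchRecord("ws-17", "Google Chrome", datetime(2024, 2, 10), datetime(2024, 2, 20), False, False),
    PatchRecord("ws-17", "Adobe Acrobat Reader", datetime(2024, 1, 20), None, False, True),
    PatchRecord("db02", "PostgreSQL", datetime(2024, 3, 4), None, False, False),
]
NOW = datetime(2024, 3, 5, 12)

if __name__ == "__main__":
    for rec in SAMPLE:
        print(f"{rec.host:6} {rec.component:22} due {deadline(rec):%Y-%m-%d %H:%M}  {status(rec, NOW)}")
    print("\nOverdue, most urgent first:")
    for host, component, age in overdue(SAMPLE, NOW):
        print(f"  {host} {component}: {age.days} days past deadline")
```

Feeding this from a real inventory (a vulnerability scanner export or a software-management database) is what turns the article's "as soon as possible" into something a team can be measured against.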
7. Employ Multi-Factor Authentication (MFA)
MFA adds a layer of security by requiring the user to present two or more independent forms of authentication drawn from different categories: something you know (a password), something you have (a physical token, an authenticator app, or a one-time code delivered to a device), or something you are (biometric data).
With MFA in place, a password that has been guessed, phished, or leaked is not enough on its own to gain access to an account or system. Not all factors are equal, however: codes sent by SMS or email can be intercepted or phished, and the ACSC’s higher maturity levels call for phishing-resistant MFA such as hardware security keys.
8. Complete Regular Backups
A disaster recovery plan is crucial to business continuity. Backups of important data, software, and configuration settings must be performed regularly, retained, and, above all, tested by actually restoring from them. They should also be protected so that a compromised unprivileged account cannot modify or delete them. Doing this consistently gives your organization confidence that it can preserve critical business information and intellectual property while minimizing disruption.
Ransomware is a common attack that encrypts, deletes, or otherwise disrupts access to your data. After a data breach or system compromise, you may need to recover critical information from a backup to an agreed point in time.
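"Test backups" is easy to say and easy to skip. The following added example, written for this article and not code from Arctic Wolf or the ACSC, shows one part of a restore test that can run unattended: a backup archive is verified file by file against a SHA-256 manifest that was recorded when the backup was taken and stored somewhere the backup host cannot write. The directory tree, file contents, and the simulated tampering are all constructed for the demonstration.

```python
"""Backup integrity check: hash manifest kept separately from the archive.

Added example for this article, not Arctic Wolf or ACSC code. It builds a
tar.gz backup of a directory, records a SHA-256 per file in a manifest, and
later verifies the archive against that manifest by streaming each member
(no extraction to disk). The point is that the manifest must live somewhere
the backup job and a ransomware-infected host cannot write: if an attacker
can alter both the archive and the manifest, verification proves nothing.
All files and content are constructed for the demo.
"""
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(src_dir: str) -> dict:
    """Relative POSIX path -> SHA-256 of every regular file under src_dir."""
    manifest = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, src_dir).replace(os.sep, "/")
            with open(path, "rb") as fh:
                manifest[rel] = sha256_bytes(fh.read())
    return manifest


def write_backup(src_dir: str, archive_path: str) -> dict:
    """Archive src_dir and return the manifest to be stored out of band."""
    manifest = build_manifest(src_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in sorted(manifest):
            tar.add(os.path.join(src_dir, rel), arcname=rel)
    return manifest


def verify_backup(archive_path: str, manifest: dict) -> dict:
    """Compare archive contents with the trusted manifest without extracting to disk."""
    seen = {}
    with tarfile.open(archive_path, "r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                seen[member.name] = sha256_bytes(tar.extractfile(member).read())
    return {
        "missing": sorted(set(manifest) - set(seen)),
        "extra": sorted(set(seen) - set(manifest)),
        "modified": sorted(n for n in manifest if n in seen and seen[n] != manifest[n]),
    }


def is_restorable(report: dict) -> bool:
    return not (report["missing"] or report["extra"] or report["modified"])


def tamper(archive_path: str, out_path: str, name: str, new_bytes: bytes) -> None:
    """Rewrite one member's content; stands in for a backup altered after the fact."""
    with tarfile.open(archive_path, "r:gz") as src, tarfile.open(out_path, "w:gz") as dst:
        for member in src.getmembers():
            if member.name == name:
                info = tarfile.TarInfo(name)
                info.size = len(new_bytes)
                dst.addfile(info, io.BytesIO(new_bytes))
            else:
                dst.addfile(member, src.extractfile(member) if member.isfile() else None)


def demo():
    """Back up a constructed tree, verify it, then verify a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "src")
        os.makedirs(os.path.join(src, "docs"))
        with open(os.path.join(src, "docs", "contract.txt"), "wb") as fh:
            fh.write(b"original contract terms\n")
        with open(os.path.join(src, "app.ini"), "wb") as fh:
            fh.write(b"[db]\nhost=db02\n")

        archive = os.path.join(tmp, "backup.tar.gz")
        manifest = write_backup(src, archive)      # manifest goes to immutable storage
        good = verify_backup(archive, manifest)

        altered = os.path.join(tmp, "backup-altered.tar.gz")
        tamper(archive, altered, "docs/contract.txt", b"contents replaced by ransomware\n")
        bad = verify_backup(altered, manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("intact archive :", "restorable" if is_restorable(good) else good)
    print("altered archive:", "restorable" if is_restorable(bad) else bad)
```

A full restore test goes further (restore to an isolated system and confirm the application starts), but a hash check against an out-of-band manifest is the cheap step that catches backups that were silently corrupted or rewritten before anyone needed them.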
Arctic Wolf and The Essential Eight
Arctic Wolf’s suite of security solutions can help your organization master the Essential Eight and reduce cyber risk. No organization can achieve a strong security posture alone, and partnering with Arctic Wolf can help you meet your security and business goals.
Arctic Wolf’s outcomes, led by cutting-edge technology and a Concierge Delivery Model, include:
- Understanding of Essential Eight maturity levels and requirements
- Identifying current alignment and target tier maturity objectives
- Assisting you with customizations leveraging the Arctic Wolf® Platform
- Explaining customer responsibilities, supporting tools, and resources
Learn more about the Essential Eight, and how Arctic Wolf can help your organization understand and implement the recommendations, with “ACSC Essential Eight Cyber Mitigation Strategies: The Arctic Wolf Approach.”