Consider your cyber security

Background – what is a cyber incident and cyber security?

The Australian Cyber Security Centre (ACSC) defines a cyber incident as an unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.

As of this year, the ACSC has assessed that malicious cyber activity against Australia national and economic interests is increasing in frequency, scale, and sophistication due to society’s increased connectivity and reliance on technological platforms. The ACSC’s 2020-21 Cyber Threat Report revealed an increase in cyber crime by almost 13% from the previous year. The report also found that 25% of cyber incidents were associated with Australia’s critical infrastructure or essential services, including health care, food distribution and energy sectors. These mass infrastructure attacks emphasise the likely increase in disruption in essential services, loss of revenue and the potential for harm or loss of life.

Therefore, it is crucial that all organisations have strategic measures and processes in place that maximises the security of their systems, networks, programs, devices and data from cyber incidents. This is especially prevalent as adversaries, or hackers become more adept and advanced.  

The Essential Eight

Prior to implementing any practical strategies, organisations should identify their assets and perform a risk assessment to identify the level of protection required from various cyber threats. When implementing any changes, the first priority should be for high risk users and computers that have access or contain sensitive data, before then implementing changes for all other users and computers. Hands-on testing should then be conducted to gauge the effectiveness of the changes.

Organisations should be remined that the ACSC strongly recommends the implementation of the ‘Essential Eight’ mitigation strategies as a baseline. These strategies combined make it much harder for adversaries to compromise systems, by preventing malware delivery and execution. These Essential Eight mitigation strategies are:

  • Application control – to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers;

  • Patch applications – patching/mitigating computers with ‘extreme risk’ security vulnerabilities should be done within 48 hours and the latest version of applications should be always used when available. This is particularly important for common and popular applications like web browsers, Microsoft Office and PDF viewers for example;

  • Configure Microsoft Office macro settings – a macro is a stored sequence of commands or keyboard strokes. Macros from the internet should be blocked and only vetted macros should be permitted;

  • User application hardening – configure web browsers to block Flash, ads and Java on the internet;

  • Restrict administrative privileges – privileges to operating systems and applications should be based on user duties. These privileges should also be regularly reviewed in terms of necessity;     

  • Patch operating systems – patching/mitigating computers with ‘extreme risk’ security vulnerabilities should be done within 48 hours and the latest version of applications should be always used when available. Unsupported versions should not be used;

  • Multifactor authentication – should be in place for users when they need to perform a privileged action or access important data;

  • Regular backups – of important new/changed data, software and configuration settings in disconnected storage.

The ACSC provides a detailed table of strategies that also includes information on costs and the potential of user resistance. It can be found here: https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents

Key Takeaways

As the world becomes increasingly digitised in sharing and collecting digital information, no public or private organisation can afford complacency about the risks of cyber-attacks. The recent conflict in Ukraine is a reminder of how unexpected and unpredictable threats to cyber security can be on a worldwide scale. Going forward, the ACSC’s advice and recommendations should be followed as much as possible to protect business’ technological platforms and minimise any harmful impacts if an attack does occur.   

No set of mitigation strategies is guaranteed to prevent all cyber security incidents. However, properly implementing the ‘Essential Eight’ strategies is so effective at mitigating targeted cyber intrusions and ransomware, that the ACSC considers these to be the new cyber security baseline for all organisations.

If you require any advice or guidance in respect of your organisation’s cyber security, please contact:

Paul Gray
Principal
T: 03 5225 5231 | M: 0414 195 886
E: pgray@ha.legal

Previous
Previous

The ATO’s Crypto Tracking and Data Collection Processes

Next
Next

The Online Safety Act 2021 – what it is and why you should care