The ACSC Essential Eight: 8 Risk Mitigation Strategies Explained
Cyber threats are growing and evolving daily, becoming a menace to businesses, institutions, and individuals alike.
During the 2021-22 financial year, the Australian Cyber Security Centre (ACSC) received more than 76,000 reports of cybercrime. This marked a nearly 13% rise compared to the previous year. On average, that’s one report every seven minutes, compared to every eight minutes the previous year. You may feel the sting of these threats as they lead to daunting issues like data breaches and system disruptions.
The ACSC Essential Eight refers to risk mitigation strategies specifically designed to curb the growing cyber threat. By the end of this article, you’ll understand how these tactics can fortify your digital presence and provide you with the tools to tackle these cyber challenges head-on.
Working with a managed services provider is crucial for complying with the Essential Eight strategies. They offer expertise in implementing and managing the required security measures, ensuring your business is in line with best practices. KM Tech (https://kmtech.com.au/) is an example of a reliable managed services provider that can guide you toward enhanced cybersecurity and compliance. Their experienced team can help you navigate the complexities of the Essential Eight, providing comprehensive support for your digital security needs.
1. Application whitelisting: an extra layer of security
Application whitelisting only allows authorised applications to run. This strategy is critical because it stops unwanted, potentially harmful software dead in its tracks.
Limiting access to only pre-approved applications puts up a robust first line of defence against threats, making your system a hard nut to crack for malicious actors. It’s a proactive measure, helping you stay one step ahead of the cyber threat game.
Checking programs against a pre-defined approved list and blocking all programs not on this list.
Unapproved programs, including malware, are therefore unable to start, which prevents attackers from running programs that enable them to gain access or steal data.
2. Patch applications: keeping systems up-to-date
Think of patching applications as keeping your digital armour in top condition. Regular updates mend any vulnerabilities, ensuring your armour remains robust against cyber attacks.
Consistently updating your applications isn’t just a good-to-do task—it’s a must. These patches often fix security flaws that cybercriminals can exploit. Regular updates allow you to stay ahead, fortifying your defence line and making it more challenging for those unwanted cyber guests to get in. It’s an easy yet vital step to ensure you’re not leaving any doors ajar for threats to sneak in.
Apply security fixes/patches or mitigations (temporary workarounds) for programs in a timely manner (48 hours for internet-reachable applications). Do not use applications which are out-of-support and do not receive security fixes.
Unpatched applications can be exploited by attackers and, in the worst case, enable an attacker to completely take over an application, access all information contained within and use this access to reach connected systems.
3. Configuring Microsoft Office macro settings: safeguarding your Office suite
Who would think your trusty Word or Excel document could turn against you? Well, without properly configured Microsoft Office macro settings, it’s possible. When appropriately tweaked, these settings keep you safe from hidden malicious code lurking in your documents. By disabling macros from documents received from the Internet, you’re essentially shutting the door on potential threats.
Only allow Office macros (automated commands) where there is a business requirement and restrict the type of commands a macro can execute. Also, monitor usage of macros.
Macros can be used to run automated malicious commands that could let an attacker download and install malware.
4. User application hardening: enhancing the resistance of your applications
User application hardening is all about fortifying your applications to withstand potential attacks. By reducing the attack surface, you’re essentially narrowing the opportunities for cybercriminals to exploit vulnerabilities.
This strategy works by implementing security measures such as turning off unnecessary features, removing or disabling default accounts, and configuring applications to enforce secure settings. By doing so, you’re limiting possible entry points for threats.
Configure key programs (web browsers, office, PDF software, etc.) to apply settings that will make it more difficult for an attacker to successfully run commands to install malware.
Default settings on key programs like web browsers may not be the most secure configuration. Making changes will help reduce the ability of a compromised/malicious website to successfully download and install malware.
5. Restricting administrative privileges: mitigating unauthorised access risks
In the realm of cybersecurity, the concept of privilege restriction is crucial. It’s all about providing only the necessary privileges to users and preventing unauthorised access to critical systems and sensitive data.
The importance of this strategy can’t be overstated. Internal threats can pose a significant risk to organisations through accidental mishaps or malicious intent. By implementing strict controls and granting administrative rights only to trusted individuals who require them for their roles, you reduce the likelihood of internal threats and minimise the potential damage they can cause.
Limit how accounts with the ability to administer and alter key system and security settings can be accessed and used.
Administrator accounts are ‘the keys to the kingdom’, so controlling their use will make it more difficult for an attacker to identify and successfully gain access to one of these accounts, which would give them significant control over systems.
6. Patching operating systems: the backbone of cybersecurity
Regularly patching your operating system is a foundational pillar of robust cybersecurity. It’s a proactive measure that ensures your digital infrastructure remains resilient, fortified against the evolving cyber threat landscape.
Operating system patches aim to address known vulnerabilities and security weaknesses that cybercriminals can exploit. These include critical updates, bug fixes, and security enhancements provided by the operating system vendors.
Apply security fixes/patches or temporary workarounds/mitigations for operating systems (e.g. Windows) in a timely manner (48 hours for internet-reachable applications). Do not use versions of an operating system that are old and/or not receiving security fixes.
Unpatched operating systems can be exploited by attackers and, in the worst case, enable an attacker to completely take over an application, access all information contained within and use this access to reach connected systems.
7. Multi-factor authentication: an essential lock on the digital door
Multi-factor authentication (MFA) provides additional security to protect your accounts and sensitive information. It requires a user to provide multiple pieces of evidence to verify their identity, making it significantly harder for unauthorised individuals to gain access.
In a 2021 survey by Statista, over 50% of the respondents reported using an authenticator app for their companies’ security. Additionally, 37.4% utilised one-time passwords for added protection.
MFA typically combines something you know (such as a password), something you have (such as a verification code sent to your phone), and something you are (such as biometric data like fingerprint or facial recognition). It adds an extra barrier for attackers attempting to breach your accounts.
A method of validating the user logging in by using additional checks separate from a password, such as a code from an SMS/mobile application or a fingerprint scan.
Makes it significantly more difficult for adversaries to use stolen user credentials to facilitate further malicious activities.
8. Regular Backups
Regular backups are a crucial component of any comprehensive risk mitigation strategy. They act as a safety net, allowing you to recover your data and systems in the event of a cyber incident or system failure. Creating and maintaining up-to-date backups ensures that even if your data is compromised or lost, you have a fallback option.
Regular backups should include critical files, databases, configurations, and other vital data necessary for your operations. Automating this process is recommended to ensure consistency and minimise the risk of human error. Regularly testing the integrity of your backups is equally important to ensure their reliability.
Regular backups of important new or changed data, software and configuration settings, stored disconnected and retained for at least three months. Test the restoration process when the backup capability is initially implemented, annually and whenever IT infrastructure changes.
To ensure information can be accessed following a cyber security incident e.g. a ransomware incident.
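The restoration test described above can be automated along the following lines. This is an added example, not code from the article or from the ACSC; the function names (make_backup, restore_test, demo), the file names and the sample data are constructed for illustration, and the archive is an uncompressed tar so the check is easy to reproduce.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def make_backup(source_dir, archive):
    """Write an uncompressed tar of source_dir; return {relative path: sha256}."""
    source_dir, manifest = Path(source_dir), {}
    with tarfile.open(archive, "w") as tar:
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
            tar.add(path, arcname=rel)
    return manifest


def restore_test(archive, manifest):
    """Restore into a scratch directory; list files that are missing or altered."""
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                tar.extractall(scratch, **opts)  # "data" filter where available
        except (tarfile.TarError, OSError) as exc:
            return [f"archive unreadable: {exc}"]
        for rel, expected in sorted(manifest.items()):
            if not Path(scratch, rel).is_file():
                problems.append(f"missing: {rel}")
            elif hashlib.sha256(Path(scratch, rel).read_bytes()).hexdigest() != expected:
                problems.append(f"altered: {rel}")
    return problems


def demo():
    """Constructed sample: back up two files, then alter one inside the archive."""
    with tempfile.TemporaryDirectory() as work:
        src, archive = Path(work, "data"), Path(work, "backup.tar")
        src.mkdir()
        (src / "ledger.csv").write_text("account,balance\nops,100\n")
        (src / "app.ini").write_text("[app]\nmode=prod\n")
        manifest = make_backup(src, archive)
        clean = restore_test(archive, manifest)
        archive.write_bytes(archive.read_bytes().replace(b"ops,100", b"ops,900"))
        return clean, restore_test(archive, manifest)


if __name__ == "__main__":
    print(demo())  # ([], ['altered: ledger.csv'])
```

An uncompressed tar does not checksum file contents, so the altered archive still extracts without error; it is the comparison against the manifest taken at backup time that reports the damaged file.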
Challenges to improving cyber security maturity
Implementing an effective cyber security program within an organisation comes with similar challenges to implementing any new program, especially when it comes to prioritising resources. Understanding possible barriers will enable you to overcome them as a part of your cyber security improvement strategy. Common challenges voiced by organisations can include:
- We lack the resources (staff and/or funding): We must assess our current resources and determine where we can optimize staff and funding allocation for cyber security initiatives. Leveraging external expertise through partnerships or managed services can also be a cost-effective solution.
- We are not sure that we have the knowledge or skills necessary to successfully implement a cyber maturity program: To overcome the knowledge and skill gaps, investing in training and development programs for our team members is crucial. This will empower them to effectively implement and manage a cyber maturity program.
- We are often faced with having to prioritise other organisational objectives: It’s essential to align cyber security objectives with the broader organizational goals. By highlighting the importance of cyber security in achieving overall success, we can secure the necessary support and prioritize cyber initiatives.
- We have often managed cyber security ad hoc and not as an endorsed project or program of work: Transitioning from ad hoc management to an endorsed project or program ensures a structured and comprehensive approach to cyber security. This enhances accountability and facilitates better risk management.
- We can come across resistance when influencing internal stakeholders: Overcoming internal resistance requires effective communication and engagement with stakeholders at all levels. Demonstrating the potential impact of cyber threats and the benefits of security improvements can garner support.
- We’ve found that some self-assessments can sometimes lead to overestimating maturity and not identifying actions for improvement: When conducting self-assessments, we must remain objective and thorough. Utilizing external assessments or third-party audits can provide unbiased evaluations and uncover areas for improvement.
By adopting these key actions, we can strengthen our cyber security posture and proactively defend against evolving threats, safeguarding our organization’s digital presence and reputation. Together, we can build a resilient and secure future for our company.
A word from the Technical Director at KMT
“In conclusion, understanding and implementing the ACSC Essential Eight risk mitigation strategies are paramount for our organisation’s cyber security defence. These comprehensive measures not only address the most common cyber threats but also empower us to proactively safeguard our digital assets. As a Technical Director, I am committed to fostering a culture of cyber resilience and continuous improvement within our company. By adhering to the ACSC Essential Eight guidelines, we can bolster our cyber security posture and effectively mitigate potential risks.”
Scott Mathrick, Technical Director & Co-founder at KMT
In today’s digital landscape, where cyber threats loom large, implementing the ACSC’s Essential Eight risk mitigation strategies is more critical than ever. The key takeaway from this discussion is that effective cybersecurity is a proactive, not reactive, approach.
Implement the Essential Eight within your cybersecurity practices to enhance your digital safety. You’ll fortify your digital defences and significantly reduce the risk of cyber threats. Stay vigilant, stay informed, and make cybersecurity a top priority.