Essential 8
The increasing incidence of cyber attacks by cyber criminals targeting organisations of all sizes in all sectors has highlighted the growing need to have the right cybersecurity measures in place. The methods behind many cyberattacks today are not new or innovative. Instead, the main trend is an increased rate and repetition of attacks.
Given the growth in the rate of attacks, the primary defence strategy is to get the IT security basics right. We base our assessments on the principals of the Essential 8 which are outlined by the Australian Cyber Security Centre (ACSC), making it a good foundation point for every organisation to commence assessing its security posture. make it short
​
​
1. APPLICATION CONTROL
​
This relates to the level of application control and constraints you have over user applications and the ability for staff to execute unapproved and malicious programs on workstations. This includes .exe, DLL, scripts and installers.
​
2. APPLICATION PATCHING
​
Updating third-party applications quickly is essential for ensuring the latest security updates and patches are in place. For example, using the latest version of applications and patches of web browsers, Microsoft Office, Java and PDF viewers. This requires frequent use of security vulnerability scanners to detect missing patches and updates as well as removing solutions that are no longer supported by their vendors.
​
3. MICROSOFT OFFICE MACRO SETTINGS
​
This is the amount of freedom your users have to run macros in Microsoft Office applications. Most users should have macros blocked as default unless they have a specific organisational requirement. Only allow vetted macros, either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
​
4. USER APPLICATION HARDENING
​
Limitations should be placed on user
applications. At its most basic, web browsers should block Flash, ads and Java, with users unable to change these settings. Disable unneeded features in Microsoft Office (such as OLE), and in web browsers and PDF viewers. Internet Explorer 11 should also be disabled.
​
5. RESTRICT ADMINISTRATIVE PRIVILEGES
​
Tightly manage administrative privileges and access to operating systems and applications based on user duties. This includes regularly revalidating requests for privileged access to systems and applications, blocking privileged accounts from accessing the internet and using separate operating environments for privileged and unprivileged users. Privileged accounts should not be used for reading email and browsing the web.
​
6. OPERATING SYSTEM PATCHING
​
This focuses on keeping operating systems up to date to ensure that OS patches, updates, and security mitigations for internet-facing services are applied within two weeks of release. All computers and network devices with ‘extreme security risk’ vulnerabilities should be patched within 48 hours. Security Vulnerability scanners should also be used to identify any missing patches, and any OS that is no longer vendor supported should be replaced.
​
7. MULTI-FACTOR AUTHENTICATION
​
Enforce MFA for all privileged access. Turn on MFA for VPNs, RDP, SSH and other remote access, and for all users when they access an important data repository. Maturity starts by enforcing MFA for all users before they access internet-facing services and third-party providers.
​
8. DAILY BACKUP AND RECOVERY STRATEGY
Perform daily backups of important new or changed data, software and configuration settings. All unprivileged accounts should be restricted to their own backup environments. Store backups disconnected from the Internet and retain them for at least three months. Test restoration initially, annually and whenever IT infrastructure changes.