Cyber security is essential to protect you and your organisation from cyber threats.
As ‘adversaries’ that seek to infiltrate your network get smarter, you need to stay as far ahead of them as you can.
The Australian Cyber Security Centre (ACSC) has developed what it calls ‘the essential eight’, a series of practical risk management strategies that organisations should implement to help them avoid the time, money and effort involved in responding to large-scale cyber security incidents.
The first four are mitigation strategies to prevent malware delivery and execution:
• Control applications that run on your network – non-approved applications can include malicious code.
• Patch applications promptly and use the latest versions of applications – security vulnerabilities can be used to execute malicious code.
• Configure your settings to block macros from the internet, enabling only those that are security vetted.
• Configure web browsers to block Java, Flash and adverts, as they are popular ways to deliver and execute malicious code.
Three mitigation strategies limit the extent of cyber security incidents:
• Restrict admin privileges based on users’ duties and revalidate the need for privileges regularly – admin systems can give adversaries full access to information and systems.
• Patch operating systems – security vulnerabilities can be easily used to compromise operating systems.
• Use multi-factor authentication for all remote access to your system – stronger user authentication makes it harder for adversaries to access sensitive information and systems.
The last of the essential eight is a strategy to recover data and ensure system availability:
• Do daily backups of important, new and changed data, software and configuration settings. Store backups separately from your network and retain them for at least three months. Test your backup restoration initially, regularly, and whenever your IT infrastructure changes.
You can read more about the essential eight here. ACSC advises organisations to customise implementation of the essential eight according to what they perceive to be the most dire threats against their networks.
Once the essential eight basics are in place, organisations should focus on increasing the maturity of their implementation.
When Australia was impacted by a cyber attack in mid-2020 from an overseas threat, Prime Minister Scott Morrison advised private and public sector organisations to implement the essential eight. JMD Ross uses the essential eight as the basis for all discussions with clients on their cyber risk management strategies.