Aron Farrugia, Senior Security Specialist:
There are simple strategies your organisation can take to guard against cyber intrusion. These techniques have been around for a while now, but they are worth revisiting.
According to the Australian Signals Directorate (ASD), at least 85% of cyber intrusions involve adversaries using unsophisticated techniques to attack vulnerable systems.
As an intelligence agency in the Australian Government Department of Defence, the ASD have been helping keep Australia secure since the Second World War, when they were intercepting Japanese radio signals as part of the war effort. These days, one of the main functions of the ASD is to provide information security advice and services to Australian federal and state government agencies.
The ASD advise that it should never be assumed an organisation’s information is of little or no value. Adversaries are not just looking for classified information: much of the activity the ASD has observed has an economic focus, seeking information such as business dealings, intellectual property and data. However, the ASD says there are four relatively simple strategies that can be easily implemented to protect ICT systems:
1. Application Whitelisting
When implemented correctly, application whitelisting, which allows only permitted or trusted applications to run, can make it harder for an attacker to compromise a system. Whitelisting can prevent the execution of malicious or unapproved programs, including .DLL files, scripts and installers.
2. Patching applications and using the latest versions
Patching applications covers commonly used commercial programs and platforms, including Java, PDF viewers, Flash, web browsers and Microsoft Office. Older versions of common programs such as these are particularly vulnerable to security threats.
3. Patching operating systems and using the latest versions
Patching operating systems includes using the latest suitable operating system version. Note that, with support having ended in April 2014 and many known security issues, Microsoft Windows XP is particularly vulnerable and should be avoided. Because adversaries can release malware exploiting a publicly announced security flaw in as little as 8 hours, and more generally within 48 hours, the ASD advises that systems with ‘extreme risk’ should be patched, or the security threats otherwise mitigated, within two days.
4. Minimising administrative privileges
Minimising administrative privileges means limiting access to operating systems and applications based on user duties. To further mitigate security breaches, administrative users should use a separate, unprivileged account for email and web browsing.
Note that the most likely targets for a cyber attack include:
- Senior executives and their assistants
- Help desk or IT staff with administration privileges
- Users with access to sensitive information which may be used for strategic or economic advantage
- Remote access users
- Users such as Human Resources, who may interact with public email job applications and attachments
Implementing the four strategies as advised by the ASD can go a long way to creating defence-in-depth. More information can be found on the Top 4 Mitigation Strategies page on the ASD website.
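As an added illustration (not code from the article or from the ASD), the following read-only PowerShell script checks a single Windows host against the four strategies summarised above. It assumes PowerShell 5.1 or later in an elevated session; the two-day threshold is the article's figure, and the AppLocker policy XML layout, Get-HotFix, Win32_OperatingSystem and the local Administrators group name are standard Windows features.

```powershell
# Added example, not from the article: audit one Windows host against the ASD Top 4.
# Assumes PowerShell 5.1+ and an elevated (administrator) session.
$report = [ordered]@{}

# 1. Application whitelisting: which AppLocker rule collections (Exe, Dll, Script,
#    Msi) are present and enforced? Covers the programs, DLLs, scripts and installers
#    the article lists.
$xml = [xml](Get-AppLockerPolicy -Effective -Xml -ErrorAction SilentlyContinue)
$collections = @($xml.AppLockerPolicy.RuleCollection |
    Where-Object { $_.EnforcementMode -eq 'Enabled' -and $_.ChildNodes.Count -gt 0 } |
    ForEach-Object { $_.Type })
$report['Whitelisting'] = if ($collections) {
    "AppLocker enforced for: $($collections -join ', ')"
} else { 'REVIEW: no enforced AppLocker rules found' }

# 2/3. Patching: operating system version and age of the most recent installed update.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$report['OS'] = "$($os.Caption) (build $($os.Version))"
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$age = if ($latest) { (Get-Date) - $latest.InstalledOn } else { $null }
$report['LastPatch'] = if ($latest) {
    '{0} installed {1:yyyy-MM-dd} ({2} days ago)' -f $latest.HotFixID, $latest.InstalledOn, [int]$age.TotalDays
} else { 'No hotfix history found' }
# Heuristic prompt only: a host whose newest update is older than the article's
# two-day window deserves a check for outstanding extreme-risk fixes.
$report['PatchWindow'] = if ($age -and $age.TotalDays -gt 2) {
    'REVIEW: last update outside the 2-day window'
} else { 'OK' }

# 4. Administrative privileges: who holds local admin, and is this session privileged?
#    (The article recommends a separate unprivileged account for email and browsing.)
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Name }
$report['LocalAdmins'] = if ($admins) { $admins -join ', ' } else { 'unknown' }
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$report['SessionIsAdmin'] = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# Print the findings as a table; each REVIEW line maps back to one of the four strategies.
$report.GetEnumerator() | Format-Table -AutoSize
```

The PatchWindow line is only a prompt to investigate, since the ASD's two-day window is measured from public disclosure of an extreme-risk flaw, not from the last update installed.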
Additional Security Best Practices
As a best practice approach, JKVine also recommends additional mitigations against cyber intrusion, including:
- Strengthening workstation defences
- Enforcing strong user authentication
- Protecting your email service
- Defending the web gateway and hardening web applications
- Monitoring your system infrastructure and your network
- Educating users about social engineering
JKVine takes security seriously, and specialises in assisting organisations to protect the privacy of their customers. For more information on how we can help keep your valuable information secure, please see our Security Testing page or contact us directly.