For those who are unaware, the Australian Signals Directorate (ASD) is part of the Australian government (Australian Intelligence Community) responsible for things such as securing information, cyber combat, and military support.
Revised in 2017, the ASD’s “Top 4 recommendations” around cyber security best practices became the ASD Essential 8, being the 8 things you should be doing as a minimum to help keep your business protected from cyber threats. According to the Australian Cyber Security Centre, if implemented properly, they help to mitigate up to 85% of cyber threats.
Essentially (no pun intended), The ASD Essential 8 involve implementing policies and strategies within your business systems and applications so there is a reduced risk of an external party finding their way in without authorisation.
So, what are they?
- Application control
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor Authentication
- Daily backups
Application whitelisting allows you to specify which apps are allowed to run on your system to prevent any malicious activity.
Keep your applications up to date – it will mean there are less vulnerabilities for those with bad intent to exploit.
Sometimes malicious scripts are hidden in Microsoft files – if opened and run, a user could infect their whole company. Configuring the macros correctly means the scripts will be blocked from running.
Ensure that your web browser blocks apps such as Flash and Java means there are less ways for malicious code to enter your system through this popular deployment scheme.
Regularly evaluate who has administrator or high-level access to your systems and whether they require that level of access as it will reduce the risk of one of those accounts getting compromised.
Keep up to date with the latest versions of operating systems – using unsupported/outdated versions means leaving your system open to vulnerabilities being exploited.
Enabling MFA for all users significantly reduces the risk of an account being compromised as the cybercriminal would need access to the device the authenticator is set up (usually a mobile) instead of just using the password.
Maintaining regular offsite backups for your critical systems and data means that even if you do experience a cyber incident, you will be able to recover quickly with minimal disruption to operations.
The ACSC has developed a “Maturity Model” in which there are 3 different levels depending on how much of the essential 8 guidelines you implement in your business. You can find a breakdown of what counts towards each level in their eBook here. It is recommended that all businesses aim to reach level 3 for all 8 components as a minimum.
They should not be considered a checklist strategy but implemented as a whole – they are designed to work together, not individually. If you haven’t already implemented any of the strategies in your business, then it is strongly recommended you do this ASAP.
Whilst many of these items may seem a no brainer for some, it is very rare to see an organisation that has fully taken the opportunity to explore these guidelines and how they have or can be implemented into their business. As a company, ONGC has built an extensive security review process that not only covers the ASD essential 8 model but also includes a plethora of additional checks and balances to provide you with a clear assessment of your security posture. This enables us to build a security framework for your organisation that helps reduce risk and increase uptime. Give us a call to see how you can improve your security posture.