With Australia reeling from yet another digital infrastructure failure through the ATO today and multiple digital security failures through large organisations in recent history, we thought it timely to talk to The Australian Governments new approach to cybersecurity. While not extensive, it looks to be providing the framework for better systems into the future. While no online system is perfect, there are definite methods to minimise issues before they arise. We’ve included a few details around the ‘Essential 8’, the cybersecurity framework developed by The Australian Signals Directorate.
This framework provides guidelines for organisations to improve their cybersecurity posture and protect against cyber threats. The Essential 8 is designed to be practical, achievable, and cost-effective for a wide range of organisations.
The Essential 8 consists of eight essential strategies or mitigation strategies that organisations can implement to enhance their cybersecurity resilience. These strategies are:
1. Application Whitelisting: This involves allowing only approved and trusted applications to run on systems while blocking unauthorised or potentially malicious software.
2. Patching Applications: Regularly applying security patches and updates to applications to address known vulnerabilities and weaknesses.
3. Configuring Microsoft Office Macro Settings: Configuring Microsoft Office to block macros from running in email attachments unless they are from trusted sources.
4. User Application Hardening: Implementing security settings in web browsers and email clients to block or minimise the impact of malicious content.
5. Restricting Administrative Privileges: Limiting administrative privileges to authorised personnel only, reducing the risk of unauthorised access and system compromise.
6. Patching Operating Systems: Regularly applying security patches and updates to operating systems to address known vulnerabilities and weaknesses.
7. Multi-Factor Authentication (MFA): Implementing MFA, which requires users to provide additional verification beyond a password to access systems or data.
8. Daily Backups: Regularly backing up critical data to enable recovery in case of data loss due to cyber incidents.
By implementing the Essential 8, organisations can significantly improve their resilience against common cyber threats and mitigate potential cybersecurity risks. The framework is regularly updated by the Australian Signals Directorate to adapt to emerging threats and ensure its effectiveness.
ACIT will be working closely to meet this framework and hopefully exceed it now and into the future. What is your business doing to ensure you can minimise the impact of a digital security breach?