White Alert and Advisory Announcement: Essential Eight

Computers and information technology - Management

At any given time, cyber-attacks are a potential threat to businesses around Australia and the world. Recent developments in Ukraine have increased the possibility of a wave of cyber-attacks which has the potential to also impact NATO countries in the coming months.

The Australian Cyber Security Centre (ACSC) has issued a warning that, while there is no current or specific threat to organisations in Australia, it is recommended to adopt an enhanced cybersecurity posture immediately.

While highly unlikely to be directly targeted, it is possible cyber-attacks on Ukraine could have worldwide consequences that reach Australia. There has been an increase in cyber-attacks against Ukraine in recent months, which promoted Australia to offer further cyber training and support to the Ukrainian government.

Experts have pointed to the NotPetrya attack on Ukraine five years ago, which spread and caused worldwide disruption to government and corporate agencies, as an example of the type of damage that could be possible. Cyber-extortion groups may be encouraged to increase their activity and target a broad range of Western countries.

What does this mean for my business?

While direct attacks on Australian companies is unlikely, the ACSC urges all organisations to urgently review and enhance their cybersecurity posture and implement the Essential Eight mitigation strategies as a baseline, to make it harder for malicious actors to compromise networks.

The Essential Eight strategies include:

Application control

Prevents malware from executing on systems, or unapproved applications being installed.

Patch applications

Are changes to a program or supporting data to update, fix, or improve it, including security vulnerabilities.

Configuring Microsoft Office macro settings

So macros can’t be created by malicious actors to infiltrate systems or gain access to data.

User application hardening

Turns off unnecessary features in applications to eliminate security vulnerabilities.

Restrict administrative privileges

To ensure limited users can make changes to security settings, operating systems, etc. This ensures less chance of malware being able to spread or data to be accessed without authorisation.

Patch operating systems

As quickly as possible after the patch is released, to avoid being exposed to malicious code.

Multi-factor authentication

Requires two or more identifiers to log on and gain access to business systems and data.

Regular backups

will help to recover any information lost if your company experiences a cyber incident or other disasters.

There are three maturity levels in the Essential Eight strategies, which show the level of compliance with each strategy.

Consider increasing your security now

A single cyber-attack could cause serious consequences for your business, so there is no time like the present to review and enhance your security detection, mitigation and response measures. How prepared is your organisation to respond to a cybersecurity event or data breach? Are your incident response and business continuity strategies up-to-date and robust?

Malicious actors are using more sophisticated techniques than ever before, to gain access to data and disrupt operations. Cybercriminals can maintain persistent access to systems, remaining undetected for weeks or months. They will often gain access utilising highly targeted spear-phishing and social engineering techniques. This allows cybercriminals to gain access to a target’s network without detection, then employ ‘living off the land’ techniques or continuously rewrite malicious code to evade being detected.

To ensure your organisation is secure and prepared for any cyber event, the cybersecurity experts at RODIN offer a range of managed security services and packages, designed to take the difficulty of deciding how to improve your business security posture. The RODIN Essential Eight package will ensure your business adopts the ACSC Essential Eight mitigation strategies and is protected before it is too late. Keep your company secure today with RODIN.

Subscribe to Our Newsletter

Sign up to receive all the latest news updates straight into your inbox.