AES 8 - Cyber Security Compliance
Overview of the Australian Essential Eight
The Essential Eight is a set of cybersecurity strategies developed by the Australian Cyber Security Centre (ACSC) to help organizations mitigate the most common types of cyber threats. The Essential Eight framework is based on the principle of "cyber hygiene," which involves taking proactive steps to protect against cyber threats before they occur.
The Essential Eight consists of the following strategies:
- Application whitelisting: Only allow approved applications to run on your systems.
- Patching applications: Apply security patches to applications as soon as they become available.
- Patching operating systems: Apply security patches to operating systems as soon as they become available.
- Configuring Microsoft Office macro settings: Configure Microsoft Office macro settings to block macros from the internet and only allow vetted macros either in 'trusted locations' with limited write access or digitally signed with a trusted certificate.
- Restricting administrative privileges: Only allow users who require administrative privileges to have them.
- Multi-factor authentication: Use multi-factor authentication to verify user identities.
- Daily backups: Regularly back up your data to prevent data loss in the event of a cyber incident.
- User education: Train users on how to identify and report suspicious activity.
Implementing the Essential Eight framework can significantly reduce an organization's risk of cyber incidents. The team at Crash Technology is constantly working on making your IT compliant with Essential 8.
Cybersecurity Alert: The Rise of Ransomware and Session Hijacking
Ransomware attacks have become a pervasive and significant threat to organizations of all sizes across various industries.
We hosted a webinar on Rise of Ransomware and Session Hijacking on Thursday 9th August 2023 at 11am - Please email for a link to the recording.
The main topics being covered are
Current Ransomware Trends
Ransomware attacks have evolved and become more sophisticated, posing an increased risk to businesses. We explore the latest trends in ransomware, including:
- Double Extortion: Attackers have adopted a new tactic known as "double extortion." In addition to encrypting files, cybercriminals also exfiltrate sensitive data before encrypting it, threatening to leak it if the ransom is not paid. We discuss strategies to mitigate the impact of this dual threat.
- Targeted Attacks: Ransomware attacks are increasingly targeting specific industries or organizations. We highlight sectors at higher risk and share insights into the motives behind these targeted attacks.
- Ransomware-as-a-Service (RaaS): The rise of RaaS platforms has made ransomware more accessible to even novice cybercriminals. We examine the implications of this shift and offer recommendations to counteract RaaS-based attacks.
Preventive Measures
Preventing ransomware attacks is crucial for safeguarding your organization's data and operations. We provide practical advice on implementing preventive measures, including:
- User Awareness Training: Educating employees about the risks of phishing emails, malicious links, and suspicious attachments is paramount. We discuss the importance of ongoing training programs to build a vigilant workforce.
- Strong Security Hygiene: Ensuring robust security measures, such as regularly updating software and operating systems, applying security patches promptly, and using up-to-date antivirus software, helps protect against known vulnerabilities.
- Secure Backup and Recovery: Implementing a comprehensive backup and recovery strategy is vital. We outline best practices for creating backups, securing backup data, and testing the restoration process to ensure readiness in the event of an attack.
Incident Response Strategies
In the unfortunate event of a ransomware attack, a well-defined incident response plan can minimize damage and facilitate recovery. We provide guidance on developing an effective incident response strategy, including:
- Incident Detection and Reporting: Establishing robust monitoring systems and early detection mechanisms can help identify ransomware attacks promptly. We outline the key indicators of a potential attack and emphasize the importance of reporting incidents immediately.
- Containment and Mitigation: Taking swift action to contain the attack and prevent further spread is crucial. We discuss containment strategies, including isolating affected systems, disabling network access, and shutting down compromised accounts.
- Engaging with Law Enforcement: In certain cases, involving law enforcement agencies can aid in investigations and potentially help recover encrypted data. We provide guidelines for reporting incidents and working collaboratively with law enforcement.