Strong cybersecurity strategies have become mission critical, because business interruption leads to financial loss, employee and customer dissatisfaction and subsequent loss of relationships, as well as damage to your integrity and reputation. So the question is: How can you reduce and mitigate cybersecurity risk?
In recent years, the Australian Federal Government has invested in this issue through a series of Cyber Security Strategies. The most recent in 2020 involved a pledge of A$1.67 billion over ten years. One of the many ongoing activities was the establishment of the Australian Cyber Security Center (ACSC), which is responsible for development of Strategies to Mitigate Cybersecurity Incidents – to help organizations protect themselves against various cyber threats.
First published in 2017, the ACSC Essential Eight Maturity Model is a list of countermeasures that all government agencies and private organizations should implement in their ICT systems. It details how each of the eight will be implemented as an organization’s cybersecurity capabilities progress through maturity levels.
In this article, I will focus on five of the Essential Eight, and specifically their recommendations for protecting end-user devices.
Mitigation Strategy 1: Application Control
The Essential Eight Maturity Model describes application control, maturity level one, as: Execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications, and control panel applets is prevented on workstations from standard user profiles and temporary folders used by the operating system, web browsers, and email clients.
The challenge is that users use multiple devices, some of which they own, and many users are currently working from home, so how can you know exactly which apps are installed and running on their devices?
Then there is shadow IT, which can be far from secure.
What you need to protect your systems and data is a monitoring tool that shows you the real user experience on each device. Clear visibility into which applications are running on which user devices in your fleet gives you greater control and therefore security.
Riverbed | Aternity gives you an overview of any rogue apps such as WhatsApp, Dropbox, or Torrent, then lets you drill down by country, department, and individual device name, giving you the information you need to target and remove commonly exploited consumer apps.
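The maturity level one rule quoted above can be checked against process-launch records. The following is an added example, not code from the article or from any product it mentions; the extension lists, the `C:\Users` and `C:\Windows\Temp` roots, and the sample records are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# File types named in the maturity level one text, mapped to extensions.
# The extension lists are assumptions of this example.
CONTROLLED = {
    "executable": {".exe", ".com", ".scr"},
    "software library": {".dll", ".ocx"},
    "script": {".ps1", ".vbs", ".js", ".bat", ".cmd"},
    "installer": {".msi", ".msp"},
    "compiled HTML": {".chm"},
    "HTML application": {".hta"},
    "control panel applet": {".cpl"},
}
EXT_TO_TYPE = {ext: kind for kind, exts in CONTROLLED.items() for ext in exts}

# Assumed locations of user profiles and the operating system temp folder.
SCOPED_ROOTS = [PureWindowsPath(r"C:\Users"), PureWindowsPath(r"C:\Windows\Temp")]


def classify(path_str):
    """Return the controlled file type if this launch breaks the rule, else None."""
    path = PureWindowsPath(path_str)
    kind = EXT_TO_TYPE.get(path.suffix.lower())
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    if kind and any(root in path.parents for root in SCOPED_ROOTS):
        return kind
    return None


def audit(events):
    """events: (device, user, path) tuples. Returns the launches to investigate."""
    findings = []
    for device, user, path in events:
        kind = classify(path)
        if kind:
            findings.append((device, user, kind))
    return findings


# Constructed sample of process-launch records, not real telemetry.
SAMPLE_EVENTS = [
    ("WS-0142", "jlee", r"C:\Users\jlee\AppData\Local\Temp\setup_7f3.exe"),
    ("WS-0142", "jlee", r"C:\Program Files\Vendor\App\app.exe"),
    ("WS-0207", "mchan", r"c:\users\mchan\Downloads\invoice.HTA"),
    ("WS-0311", "SYSTEM", r"C:\Windows\Temp\update.msi"),
    ("WS-0311", "rpatel", r"C:\Users\rpatel\Documents\notes.txt"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```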
Mitigation Strategy 2: Patch Applications
Vendor patches, updates, or mitigations for security vulnerabilities in Internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
Outdated versions of applications on user devices are a major source of vulnerabilities. In addition to not containing bug fixes to eliminate possible backdoors, they do not provide the best user experience or new application features.
Riverbed | Aternity identifies all versions of each of your corporate applications, such as Microsoft 365, Citrix, and Acrobat Reader, used by your workforce. For example, many organizations find that their users are running 30 or more versions of Citrix Receiver or AutoCAD, even outdated versions of Zoom or Microsoft Teams.
This allows IT administrators to identify exactly how many application versions are being used, which of their users have outdated versions, and then take steps to apply relevant patches to devices.
Mitigation Strategy 3: Harden User Applications
Web browsers do not render Java from the Internet. Web browsers do not process Internet web advertisements. Set web browsers to block Flash (ideally uninstall it), ads, and Java on the Internet.
As of December 2020, Adobe no longer issues Flash Player security patches or maintains operating system or browser compatibility. This creates a security vulnerability for cyber attacks. Meanwhile, Java is vulnerable to log injection attacks and trust exploits that follow access control vulnerabilities.
Both executable services are known sources of cyber vulnerabilities, such as malware downloads. According to the ACSC’s recommendations, web browsers should not be allowed to render Java or web advertisements via Flash Player from the Internet.
Riverbed | Aternity enables IT teams to accurately identify which applications and devices are running Flash and Java, executables vulnerable to hackers. Importantly, it also allows IT to see the implications for applications and users before blocking Flash and Java, so they can take necessary action first.
Mitigation Strategy 4: Restrict Administrative Privileges
Requests for privileged access to systems and applications are validated when they are first requested. Privileged accounts (excluding privileged service accounts) cannot access the Internet, email, and web services.
According to data breach reports, malicious or accidental misuse of administrative privileges remains a significant vulnerability. Administrative accounts are the ‘keys to the kingdom’. Malicious insiders or external attackers can use these accounts to gain unauthorized access to information and systems from inside or outside the organization.
The Essential Eight prescribes a variety of processes to tightly control privileged access. These include validation at establishment, limitations on external access, and, at higher levels of maturity, automatic revocation of privileges after some time of inactivity, and disabling after 12 months, unless revalidated.
Because the historical administrative accounts containing the ‘keys to the kingdom’ may lie dormant if forgotten, Riverbed | Aternity offers full visibility into current holders by username, device name, department, and IP address. This allows IT to review and validate administrator privileges, closing loopholes that could be exploited by contractors or former employees.
Mitigation Strategy 5: Patch Operating Systems
Vendor patches, updates, or mitigations for security vulnerabilities in Internet-facing services’ operating systems are applied within two weeks of release, or within 48 hours if a vulnerability exists.
Most environments run a wide range of operating systems on user devices. Microsoft provides regular security updates to the operating system, but once this support service ends (specifically Windows 7), the operating system will no longer receive security updates, leaving users’ devices unprotected against attacks and exploits.
Riverbed | Aternity displays the full range of operating systems in your environment. Your administrators can then drill down to identify unpatched devices by location, department, and individual device name. Another benefit is that when you decide to migrate to new versions, such as from Windows 10 to 11, it’s quick and easy to identify which devices you want to upgrade.
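The patch windows in Mitigation Strategies 2 and 5 (two weeks, or 48 hours when the urgent condition applies) can be checked against a version inventory. This is an added example, not code from the article or any product it mentions; the `exploit` flag follows Strategy 2's wording, and the product names, versions and dates are constructed.

```python
from datetime import datetime, timedelta

STANDARD_WINDOW = timedelta(days=14)  # "within two weeks of release"
URGENT_WINDOW = timedelta(hours=48)   # "within 48 hours if an exploit exists"


def parse_version(text):
    """'11.0.10' -> (11, 0, 10) so versions compare numerically, not as text."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:   # treat 5.2 and 5.2.0 as equal
        parts.pop()
    return tuple(parts)


def overdue(inventory, patches, now):
    """Return (device, product, installed, fixed, hours_late), most late first."""
    late = []
    for device, product, installed in inventory:
        for patch in patches:
            if patch["product"] != product:
                continue
            if parse_version(installed) >= parse_version(patch["fixed"]):
                continue  # already at or above the fixed version
            window = URGENT_WINDOW if patch["exploit"] else STANDARD_WINDOW
            deadline = patch["released"] + window
            if now > deadline:
                hours = int((now - deadline).total_seconds() // 3600)
                late.append((device, product, installed, patch["fixed"], hours))
    return sorted(late, key=lambda row: row[4], reverse=True)


# Constructed sample data; products, versions and dates are invented.
PATCHES = [
    {"product": "ExampleVPN", "fixed": "5.2.1", "released": datetime(2024, 3, 1), "exploit": False},
    {"product": "ExamplePDF", "fixed": "11.0.4", "released": datetime(2024, 3, 18), "exploit": True},
    {"product": "ExampleOS", "fixed": "10.0.4170", "released": datetime(2024, 3, 12), "exploit": False},
]
INVENTORY = [
    ("WS-0142", "ExampleVPN", "5.1.9"),
    ("WS-0207", "ExampleVPN", "5.2.1"),
    ("WS-0207", "ExamplePDF", "11.0.2"),
    ("WS-0142", "ExamplePDF", "11.0.10"),
    ("WS-0311", "ExampleOS", "10.0.3930"),
]
NOW = datetime(2024, 3, 20, 9, 0)
```

With this sample, `overdue(INVENTORY, PATCHES, NOW)` reports the VPN client on WS-0142 and the PDF reader on WS-0207; the OS patch on WS-0311 is still inside its two-week window.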
Visibility strengthens security
The ability to progress through the Essential Eight Maturity Model has a lot to do with visibility. Without a clear picture of potential security vulnerabilities on all devices that access corporate assets, IT has little chance of limiting them.
Since user devices are often the ‘wild cards’ in your defenses, a first step is to gain the visibility you need to take action. Riverbed | Aternity offers a number of valuable tools to help implement and then maintain proven mitigation strategies to reduce compromises.
About Ariane Paguia
Ariane Paguia is a Digital Experience Management Specialist at Riverbed | Aternity. The team is responsible for helping Asia Pacific customers maximize visibility and performance across networks, applications, and end-user devices, so they can fully capitalize on their cloud and digital investments. She specializes in the design and implementation of end-to-end visibility solutions based on Riverbed | Aternity.