
Under attack? These four things will mitigate most cyber breaches

10 Mar 2016

By Daryl Haines, security principal, Pure Hacking

Cyberattacks are a fact of life for Australian business. According to CERT Australia[1], there were 11,733 cyberattack incidents affecting Australian business in 2014-15, and of those, 218 involved systems of national interest and critical infrastructure.

So what can you do to prevent an attack and avoid becoming another statistic?

A good way to look at it is to apply the Pareto Principle, also known as the 80/20 rule, which states that, for many events, roughly 80 per cent of the effects come from 20 per cent of the causes.

The Australian Signals Directorate (ASD), formerly known as the Defence Signals Directorate (DSD), found this to be true when it looked at security incidents it had investigated, as well as the results from vulnerability assessments and penetration testing.

The ASD came up with a list of the top 35 security strategies that can mitigate most cyber intrusions, and found that just four of these strategies would have mitigated at least 85 per cent of the intrusions the ASD responded to. It now refers to these as the ASD Top 4 Mitigation Strategies to Protect Your ICT Systems.

According to the ASD the Top Four strategies are:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running
  • Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
  • Patch operating system vulnerabilities
  • Restrict administrative privileges to operating systems and applications based on user duties

Recent research from security vendor Avecto took this one step further and found that just one control, removing administration rights from users, would have mitigated 80 per cent of the Microsoft vulnerabilities reported over the past year. When you narrow this down to Microsoft vulnerabilities rated as Critical, the figure rises to 97 per cent.

It’s clear then that some controls are more significant than others, and a good security program would prioritise those controls that have the greatest effect.

It makes sense from a risk perspective, and it also makes sense when considering return on investment (RoI). On this point the ASD has also provided useful guidance, giving each of the Top 35 Security Strategies ratings based on key criteria such as the cost of implementation and maintenance, user resistance to the control being implemented, as well as the ability to both detect and prevent intrusions.

The ASD Top 35 is a great reference point for any organisations that wish to assess their risk of cyber-intrusion.

Daryl Haines is principal consultant - Governance, Risk & Compliance at Pure Hacking. With over 15 years’ experience, he is an expert in security governance, risk and compliance specialising in ISO 27001 Information Security Management and Payment Card Industry Data Security Standard (PCI DSS) compliance.
