Strategies for Mitigating Cyber Intrusions

Cyber intrusions worrying you? Looking for some basic strategies that your IT team can use to mitigate cyber intrusions? Here are four tips, courtesy of the Australian government.

As part of its mission, the Australian Signals Directorate, an Australian government intelligence agency, provides advice and assistance on information and communications security (also known as InfoSec). Although ASD serves mainly Australian federal and state government agencies, occasionally the rest of us can learn from its advice on cyber intrusions as well.

Recently, the ASD announced that at least 85 percent of the targeted cyber intrusions that it responds to could be prevented by following these Top 4 mitigation strategies, which I’d like to share with you. Ranked in order of effectiveness, here are ASD’s:

Top 4 Strategies for Mitigating Targeted Cyber Intrusions

  1. Use application whitelisting to help prevent malicious software and unapproved programs from running.
  2. Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office.
  3. Patch operating system (OS) vulnerabilities.
  4. Restrict administrative privileges to operating systems and applications based on user duties.

The ASD based its rankings on its analysis of reported security incidents and vulnerabilities detected by ASD in testing the security of Australian government networks.

Let’s take a brief look at each.

Application Whitelisting

Whitelisting protects computers and networks from harmful applications that invite cyber intrusions. When you develop a “whitelist” of applications that are authorized to run on a computer system, that register can serve as a robust defense against the execution of malicious and other unapproved software. An app is not allowed to run unless it is explicitly approved and listed as “okay to run.” Don’t confuse this with a blacklist in which all apps can run except those rogue apps listed in the register.
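The difference between the two models, shown as an added example that is not part of the original article or ASD's guidance. It assumes programs are identified by the SHA-256 hash of their contents (the article does not say how apps are identified); the file names and contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash file contents so identity does not depend on name or location."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def whitelist_allows(path: Path, approved: set) -> bool:
    """Default deny: run only if the hash is explicitly approved."""
    return sha256_of(path) in approved

def blacklist_allows(path: Path, blocked: set) -> bool:
    """Default allow: run unless the hash is explicitly listed as bad."""
    return sha256_of(path) not in blocked

def demo() -> dict:
    """Return {file name: (whitelist verdict, blacklist verdict)}."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample files; the bytes stand in for real programs.
        samples = {
            "editor.bin": b"approved editor build 1.0",
            "renamed_editor.bin": b"approved editor build 1.0",  # same bytes, new name
            "known_bad.bin": b"sample already flagged as rogue",
            "unknown.bin": b"program nobody has reviewed yet",
        }
        for name, data in samples.items():
            (root / name).write_bytes(data)
        approved = {sha256_of(root / "editor.bin")}    # the whitelist register
        blocked = {sha256_of(root / "known_bad.bin")}  # the blacklist register
        return {
            name: (whitelist_allows(root / name, approved),
                   blacklist_allows(root / name, blocked))
            for name in samples
        }

if __name__ == "__main__":
    for name, (wl, bl) in demo().items():
        print(f"{name:20} whitelist={'run' if wl else 'deny':5} "
              f"blacklist={'run' if bl else 'deny'}")
```

The row to look at is `unknown.bin`: the blacklist lets it run because nobody has listed it yet, while the whitelist denies it by default.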

Application Patching

Software vendors release patches and/or updates for their apps routinely, as issues are discovered. Because these patches typically fix security risks and other bugs, they should be applied and tested swiftly. They will mitigate cyber intrusions as well as improve stability, usability and performance.

OS Patching

For similar reasons, OS patching should not be neglected. OS patches and/or updates, which are released by OS creators on a regular basis, address multiple OS issues such as security holes and critical version updates. Apply these patches as soon as they are released. Why? Once an OS patch or update is released, the details of the identified vulnerability are also made public. That means hackers are now aware of these weaknesses and can rapidly develop malware to target them. The longer it takes for you to apply an update across all of your devices, the greater your risk of falling victim to an attack.

If the OS creator no longer provides updates for a particular OS that you are still using, then you are also at high risk of a cyber intrusion. If a new vulnerability emerges for that old OS, an update to remove the vulnerability may never be made available. The malicious individuals who write viruses will use this to their advantage as they prey upon computers that are still running an unsupported OS.

Administrator Privileges

It’s a well-known fact that cyber intrusions often target users with admin rights for devices and networks. These users have administrative privileges that allow them to bypass critical security settings in order to access sensitive data and apps. The best defense is ensuring that only essential users have administrator privileges. Develop a solid policy for application and user privilege management. It will enable your company to remove administrator rights from non-essential users.

So how does your organization stack up against these four controls? Are you on top of OS and app patches across your infrastructure and devices? Do you have effective whitelisting and a policy for administrator privilege management in place?

AISN Managed Security Services can help you audit your company for security risk exposure and answer these questions. Best of all, you don’t have to be a current hosting client to get the help you need. Contact us today to get a conversation rolling.

 

Laurie Head is co-owner of AIS Network and VP, Marketing Communications.