In past blog posts we've covered strategies in the Essential 8. Today I thought I’d look at the recent changes to the Essential 8 Maturity Model.
Operating System and Application Patching
ASD Essential 8: Restrict Administrative Privileges
It's time to look at another strategy in the ASD Essential 8. The concept of minimising administrative privileges was in the original ASD top 4, but unfortunately this important and very effective strategy is often overlooked. Administrative privileges are powerful, and once granted allow pretty much any change to be made to a system. If a user has administrative privileges to a system they can make intentional or unintentional changes that could have major consequences
Malicious Macros - Have you received a fake invoice?
Today I'm covering another strategy from the Australian Signals Directorate’s Essential 8: Disabling untrusted Microsoft Office macros.
We’ll be looking at strategies to protect against malicious macros. These strategies can all be implemented in a Windows domain environment using Group Policy and they do not require third party software. This might not be the most exciting subject in the world, but grab a coffee and stick with me, it’s important.
An essential preventive cybersecurity strategy - application whitelisting
I recently wrote about the Australian Signals Directorate (ASD) Essential 8 and today will be covering one of the most effective of the 8 strategies, one that sits proudly in the original ASD top 4. Application whitelisting only allows known good applications to execute on a computer. If unknown applications can’t run on a system, then execution of malware and other malicious code is much less likely. Of course, it’s not foolproof and multiple layers of protection and strategies will always be required. For example, application whitelisting does not stop a known good program like a web browser from executing malicious code in memory. We of course need to make sure other strategies are in place like application patching and hardening.
Essential cybersecurity strategies to protect your business
Everyone needs a strategy, right? What are you doing to protect your business against cyber threats, and the real possibility of someone stealing or destroying your data. An attack could come in any number of ways, a data breach and the theft of critical data or possibly a ransomware attack and the destruction of important files. Many companies, especially in the SMB space don't even have the security basics in place and it can be difficult even knowing where to start. It's simply not enough these days to put a firewall and anti-virus program in place and sit back and relax. Believe me, I'd love it if that was the case, I’d be gladly taking a nap right now.