Managing your IT security with one Multi-Layered approach

By Andrew Souter, Ivanti

Credit: ID 117352309 © Pop Nukoonrat |

The world is evolving and so is the way  modern business operates when it comes to security; security teams now have to manage multiple systems, devices and data, stored both onsite or in the cloud. Therefore, it is more important than ever to closely monitor the IT security defences, effectiveness and policies in real time. 

A recent survey conducted by Aura Information Security , shows that one in three businesses believe Australia is more at risk than the rest of the world. Furthermore, according to 40 percent of 307 Australian IT and security executives, Australia’s cybersecurity practices are lagging behind their global counterparts. 

With the increasing number of vulnerable endpoints and the complexity of threats, it’s clear that we need to adopt new approaches to stay ahead of cyberattacks. A joint report  from The Australian Cyber Security Centre (ACSC) in partnership with cyber security authorities of five nations: Australia, Canada, New Zealand, the UK and USA reveals that publicly available hacking tools are widely and freely available for use by everyone, making it imperative for network defenders and systems administrators to have the right defence at place in order to limit the effectiveness of these tools and detect their use on a network.

As cyber security continues to be a global concern, it is critical to have a robust framework to reduce and mitigate the impact of cyber-attacks. So how do you quantify your security posture and ensure a holistic, multi-layered and integrated security approach to secure the IoT environment? The answer is ASD Top 4 compliant (defined by the Australian Signals Directorate - ASD). 

The Essential 8 introduced by ASD is designed for all security professionals and IT administrators to mitigate the risks and ensure security. The ASD Top 4, however, are the four most instrumental aspects of any organisation’s security strategy.

1- Application Whitelisting
As the name suggests, application whitelisting helps filter the applications and allow only the known and clean ones to run in the environment. Depending on the tool, this can be maintained with a unique hash, allowing programs with trusted ownership to run. Application whitelisting can be highly effective in assisting with the identification and prevention of malicious activity by stopping any infected code being installed to the systems/network.

2- Patching Applications Software
Secondly, patching applications which are not a part of the core operating system is crucial. Application patching can be far more challenging than patching the operating system as there is a vast number of manufacturers and each may have a unique way of applying or configuring their patches. It is essential that these patches are kept up to date as failure to maintain compliance can drastically increase the potential for cyber intrusion into the network. Avoid having these patched with the latest releases otherwise your company is a prime target for cyber-attack.

3- Patching Operating Systems
The third key component to be the most vulnerable endpoint is the Operating System. The OS is the core on which all other systems and software are dependent, unless this is stable and secure then all other security functions are pointless. Patching the OS in a timely fashion underpins all other security considerations. Automation of this process is integral to maintaining a consistently secure environment. The greatest example of a targeted unpatched OS attack is the WannaCry attack of 2017. The attack  that caused chaos around the world and affected thousand PCs remains one of the most devastating attacks till date that infiltrated systems through an exploit in older Windows systems. 

4- Restricting administrative privileges
Lastly, it’s essential to safeguard the user accounts with admin privileges. The notifiable data breach (NDB) Q3 report,  revealed that 57 percent of malicious breaches were caused by compromised credentials. Accounts with admin rights are the most targeted ones since they have an elevated level of access to the organisation’s ICT system and can cause the most damage. Therefore, reducing administrative privileges to an absolute minimum while still maintaining access and rights to users, will reduce the chances of the network being affected by malware. 

According to the ASD  at least 85 percent of the intrusions that ASD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the top four mitigation strategies. Organisations with sensitive information or valuable IP needs should be watchful of what sort of information is stored in their systems and is passing through their networks. This will help gain deeper visibility into traffic patterns across a network and identify vulnerabilities as well as malicious activity. Even small adjustments in security strategy planning, response, use of tools and procedures can make a big difference. 

As Benjamin Franklin once said, “if you fail to plan, you are planning to fail”. 

Tags IT SecuritycyberattacksICT system crashACSC(Australian Cyber Security Centre)Internet of Things (IoT)Ivanti

Show Comments