A different look at Cyber Security by the Australians
4 CRITICAL ACTIONS = MITIGATE CYBER RISK BY 85%
By implementing these TOP 4 “mitigation strategies” as a complete package, you will reduce your risk of successful cyber attack by 85%
- While no single strategy can prevent malicious activity, the effectiveness of implementing the Top 4 strategies remains very high.
- At least 85% of the cyber intrusions that ASD responds to involve adversaries using unsophisticated techniques that would have been mitigated by implementing the Top 4 mitigation strategies as a package.
- Implementing the Top 4 mitigation strategies can be achieved gradually, firstly on workstations of users who are most likely to be targeted by cyber intrusions, and then implementing them on all workstations and servers.
- Once this is achieved, organisations can selectively implement additional mitigation strategies to address security gaps until an acceptable level of residual risk is achieved
- Application White-listing of permitted/trusted programs, to prevent execution of malicious or unapproved programs including DLL files, scripts and installers
- Patch Applications E.g. Java, PDF viewers, Flash, web browsers and Microsoft Office. Patch or mitigate systems with ‘extreme risk’ vulnerabilities within two days. Use the latest version of applications
- Patch Operating System Vulnerabilities. Patch or mitigate systems with ‘extreme risk’ vulnerabilities within two days. Use the latest suitable operating system.
- Restrict Administrative Privileges to operating systems and applications based on user duties. Such users should use a separate unprivileged account for email and web browsing.
Data Sheet – Application White-listing
Data Sheet – Restrict Administrative Privileges