Security Australian govt. issues cyber security warning

KDDI provides the latest in cybersecurity solutions

Is your cyber security up to the task? At KDDI, we provide the latest in security solutions to protect and support customers’ IT environments.

Overview

At a press conference on 19th June 2020, Scott Morison, the Prime Minister at the time, urged Australian government institutions to receive expert advice on cyber security and take defensive measures to protect themselves against cyberattacks. He also advised that for cyber security, the entire community including industry and individuals needed to make efforts.

The Australian Cyber Security Centre (ACSC) has pointed out high-priority cyber security measures that should be taken to mitigate damage from cyberattacks. The Australian federal government is encouraging victims of cyberattacks to report the attacks.

Japanese companies in Australia have also been the targets of cyberattacks.

Cyber security measures overview

1）The high-priority measures for reducing damage from cyberattacks that the ACSC is recommending are the following two measures:

Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally organisations, where possible, should use the latest versions of software and operating systems.
Multi-factor authentication should be applied to all internet-accessible remote access services, including: web and cloud-based email, collaboration platforms, virtual private network connections, and remote desktop services. (Multi-factor authentication means using not only a password, but additional factors such as device information or biological information to do authentication.)

For details, see the following link:

Australian Signals Directorate homepage (Advisory 2020-008)

2）The ACSC also recommends what they call the “Essential Eight” as mitigation strategies:

Australian Signals Directorate homepage (Essential Eight)

State of cyber crimes and cyber security in Australia

(Source: ACSC - Australian Cyber Security Centre, data from July 1, 2019 to Sept. 30, 2019)

Data on economic losses

Average loss per security incident report - $6,000
Daily average loss - $890,000
Estimated yearly loss - $328,000,000

Top 5 types of cyber crime in Australia

Identity theft
Online fraud and shopping scams
Bulk extortion
Online romance scams
Wire-fraud and business email compromise

The Essential Eight

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline.

This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.

There is a suggested implementation order for each adversary to assist organisations in building a strong cyber security posture for their systems. Once organisations have implemented their desired mitigation strategies to an initial level, they should focus on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy.

Mitigation Strategies to Prevent Malware Delivery and Execution

1. Application control

To prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.

Why: All non-approved applications (including malicious code) are prevented from executing.

2. Configure Microsoft Office macro settings

to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.

Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.

3. Patch applications

e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.

Why: Security vulnerabilities in applications can be used to execute malicious code on systems.

4. User application hardening

Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.

Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

5. Restrict administrative privileges

To operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.

Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.

6. Multi-factor authentication

including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.

Why: Stronger user authentication makes it more difficult for attackers to access confidential information and systems.

7. Patch operating systems

Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.

Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.

Measures to improve data and system availability

8. Daily backups

Of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.

Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).

Security measures

Once a security incident occurs, the response costs in terms of time, money and labor are massive. Now with COVID-19 resulting in companies around the world implementing a sudden start to remote work, the security of those companies must be strengthened.

At KDDI Australia, to aid in implementing the Essential Eight and otherwise operating your IT assets securely, we will work with you to check the state of your current IT environment. Since the recommended security measures require that they be continuously implemented, we can propose IT solutions to reduce your operational workload and we can also provide IT management outsourcing. Feel free to contact us to discuss how we can help with your IT needs.

What is the best solution for your problem?
Please consult a KDDI consultant.

Related Resources

Global Coverage Map

Brochure

Smart Office, Business Support Tool, Manufacturing, Data Center, Zero Trust, Trading, Business Management, IT Governance, Work Style Change, Security, Cloud App, Transporting, Business DX (Needs), Network, Smart Factory, Office IT Management, Relocation Opening of Office & Factory, Business DX, Foods and Consumer goods, Remote Support, Services, Internet, Government, Connected Car, Zero Trust (Needs), Work Efficiency, IoT, Finance

Global Business Brochure

Brochure

KDDI Global ICT Solutions (English Subtitles)

Video

Smart Office, Business Support Tool, Manufacturing, Data Center, Zero Trust, Trading, Business Management, IT Governance, Work Style Change, Security, Cloud App, Transporting, Business DX (Needs), Network, Smart Factory, Office IT Management, Relocation Opening of Office & Factory, Business DX, Foods and Consumer goods, Remote Support, Internet, Government, Data Center(Needs), Connected Car, Zero Trust (Needs), Work Efficiency, Finance

Related Services

Microsoft Power Platform

業務に必要なビジネスアプリを素早く手軽に作成

クラウド・アプリ

KDDIのクラウドソリューションでビジネス変化へ迅速に対応

Microsoft 365

Microsoft Officeに加え、コミュニケーションや業務に必要なツールをオールインワンで使えるクラウドサービス

Security

Cato Cloud

Cisco Umbrella

KDDI Cloud Inventory