Australian govt. issues cyber security warning
KDDI provides the latest in cybersecurity solutions
Is your cyber security up to the task? At KDDI, we provide the latest in security solutions to protect and support customers’ IT environments.
At a press conference on June 19, Prime Minister Morrison urged Australian government institutions to seek expert advice on cyber security and take defensive measures to protect themselves against cyberattacks. He also said that cyber security requires effort from the entire community, including industry and individuals.
The Australian Cyber Security Centre (ACSC) has pointed out high-priority cyber security measures that should be taken to mitigate damage from cyberattacks. The Australian federal government is encouraging victims of cyberattacks to report the attacks.
Japanese companies in Australia have also been the targets of cyberattacks.
Cyber security measures overview
1) The ACSC recommends the following two high-priority measures for reducing damage from cyberattacks:
- Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally, organisations should, where possible, use the latest versions of software and operating systems.
- Multi-factor authentication should be applied to all internet-accessible remote access services, including: web and cloud-based email, collaboration platforms, virtual private network connections, and remote desktop services. (Multi-factor authentication means authenticating with not only a password but also additional factors such as device information or biometric information.)
For details, see the following link:
2) The ACSC also recommends what it calls the “Essential Eight” as mitigation strategies:
State of cyber crimes and cyber security in Australia
(Source: ACSC - Australian Cyber Security Centre, data from July 1, 2019 to Sept. 30, 2019)
Data on economic losses
- Average loss per security incident report - $6,000
- Daily average loss - $890,000
- Estimated yearly loss - $328,000,000
Top 5 types of cyber crime in Australia
1. Identity theft
2. Online fraud and shopping scams
3. Bulk extortion
4. Online romance scams
5. Wire-fraud and business email compromise
The Essential Eight
While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline.
This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
There is a suggested implementation order for each adversary to assist organisations in building a strong cyber security posture for their systems. Once organisations have implemented their desired mitigation strategies to an initial level, they should focus on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy.
Mitigation Strategies to Prevent Malware Delivery and Execution
1. Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Why: All non-approved applications (including malicious code) are prevented from executing.
2. Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
3. Patch applications, e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.
4. User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
5. Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.
6. Multi-factor authentication, including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Why: Stronger user authentication makes it more difficult for attackers to access confidential information and systems.
7. Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
Measures to improve data and system availability
8. Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).
Once a security incident occurs, the response costs in terms of time, money and labor are massive. With COVID-19 pushing companies around the world into a sudden start to remote work, the security of those companies must be strengthened.
At KDDI Australia, to aid in implementing the Essential Eight and otherwise operating your IT assets securely, we will work with you to check the state of your current IT environment. Since the recommended security measures must be implemented continuously, we can propose IT solutions to reduce your operational workload, and we can also provide IT management outsourcing. Feel free to contact us to discuss how we can help with your IT needs.