Cybersecurity, Implementation Strategies using ASD Essential Eight.

Abstract Summary

This paper discusses the latest cybersecurity threats and presents the key elements of an effective cybersecurity strategy. It also provides an understanding of the ASD Essential Eight Mitigation Strategies and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, highlighting their significance in defending against cyber threats. By implementing a well-defined cybersecurity strategy and selecting a suitable framework, organizations can effectively counter growing threats, consolidate their defences, and defend their digital assets in an increasingly interconnected world. This consists of applying a combination of preventive, detective, and corrective measures to establish a resilient security posture and to defend against network-based dangers, malicious actions, and phishing. Secondly, the implementation of end-point security solutions is essential to secure personal devices and prevent unauthorized access. Furthermore, data protection and encryption are vital in protecting sensitive information both at rest and in transit. Lastly, organizations must prioritize staff awareness and training to nurture a culture of cybersecurity. The ASD Essential Eight Mitigation Strategies focus on addressing the most prevalent cyber threats by providing a prioritized set of mitigation strategies to be incorporated in user application and system security controls, aiming to boost an organization's resilience against targeted cyber intrusions. On the other hand, the NIST CSF proposes a comprehensive framework that involves five core functions: Identify, Protect, Detect, Respond, and Recover. It emphasizes a risk-based approach, helping organizations to gauge their cybersecurity posture, identify vulnerabilities, and establish measures to mitigate risk effectively. The CSF provides an adaptable and customizable methodology, accommodating numerous organizational structures, sizes, and businesses.
The paper concludes by emphasizing the benefits of leveraging both frameworks in a complementary manner. By merging the specific mitigation strategies of the ASD Essential Eight with the broader risk management approach of the NIST CSF, organizations can develop a strong cybersecurity strategy that addresses both targeted threats and overall risk-based management. This integrated approach allows organizations to effectively protect their critical assets, detect and respond to cyber incidents, and recover from disruptions, ultimately enhancing their overall cybersecurity resilience.

Concept of Cybersecurity

The term "cybersecurity" is a blend of two words: "cyber" and "security". "Cyber" refers to anything associated with computers, information technology, and virtual reality, while "security" denotes the protection of something from probable harm or threat.

Cybersecurity is the practice of defending computer systems, networks, programs, and data from unauthorized access, damage, or theft. It involves executing measures to prevent, detect, and respond to cyber threats, which encompass a wide range of malicious activities conducted over digital networks.

2023: Evaluation of Cyber Security Threats from Previous Years till Date

1. Increasing Sophistication of Attacks: attackers use advanced techniques such as Artificial Intelligence driven malware, machine-learning-based evasion strategies, and supply chain attacks.

2. Ransomware on the Rise: encrypting targets' data and demanding ransom payments for its release, targeting critical infrastructure, healthcare organisations, and large profit-making businesses.

3. Cloud Security Challenges: organisations must manage access controls and safeguard data in transit and at rest to guarantee the integrity of their cloud infrastructure; otherwise misconfigurations and ineffective security procedures can leak sensitive data.

4. Internet of Things (IoT) Vulnerabilities: the spread of IoT devices brings new entry points for attackers. Many IoT devices lack appropriate security controls, leaving them at risk of exploitation and usable as a launching pad for larger attacks and unauthorized data collection.

5. Emphasis on Zero Trust Due to Cyberthreats: Zero Trust assumes that no user or device can be trusted by default, requiring verification and authentication for every access request.

6. Artificial Intelligence and Machine Learning Hacking Techniques: AI and machine-learning technologies are being used both by defenders and by attackers. AI-powered security solutions can help detect anomalies, identify threats, and respond faster to cyberattacks. However, adversaries can also use Artificial Intelligence to automate attacks and evade traditional security methods.

Cybersecurity Strategy

After first assessing the cybersecurity requirements of an organisation, the Security Strategy can be formulated based on the organisational risk-based security methodology, the Information Security Manual (ISM) using a Risk Management Framework, the Australian Signals Directorate Essential Eight strategies, and the NIST Cybersecurity Framework (CSF) to mitigate cyber intrusions. There is no mandate to use all the frameworks; choosing the one that suits best depends upon the type of business, security requirements, budget, and brand value of the organisation.

Security-focused activities should be ranked by classifying key security risk zones in the organisation and assessing the usefulness of current security controls against the severity or impact on the business if the system or sensitive data were to be compromised.

Security Engagement Process and Services

The security strategy of an organisation can be further framed based on the following security engagements, processes, and functions.

Information Security Governance Compliance

  • Compliance with governing obligations and standards (ISO27001, PCI DSS and ISO9001).
  • Coordinate with internal and external IT-related audits.
  • Conduct regular Information Security Awareness and Education.

Systems Network Security

  • Establish security requirements for platforms & systems.
  • Provide advice to project teams on platform strengthening, best practices, and design standards.
  • Deploy Intrusion Detection and Prevention Systems (IDPS).

Application Security

  • Create security requirements for applications.
  • Establish a secure development process and integrate security delivery as part of the development lifecycle.
  • Conduct security reviews and assessments on applications before deploying to production.

Cyber Threat Detection Response Plan

  • Set up an Incident and Response team.
  • Maintain 24x7 SIEM (Security Information and Event Management) to continuously monitor your systems and stay updated on emerging threats and vulnerabilities.

Five Core Pillars for Organisations to Raise their Security Posture

Cultural Awareness and Responsibility:

Leadership, awareness training, and education that embed thinking about digital risks and their governance into day-to-day work routines can help individuals and organizations appreciate the importance of risk management and create a culture of awareness and accountability.

Information Security Programs

Develop Compliance programs with a baseline security capability and tools enabling an organisation to identify, protect, detect, and respond to cyber threats.

Secure Software Development

Implement Secure Architecture for Engineering and Software development, and operations.

Secure Supply Chain

Secure Supply Chain for vendors, contact centres, public cloud, and third-party services.

Policy and Procedures

Implement ISM & ISO27001 compatible sales, service delivery, and network applications.

Seven Key Focus Areas for Organisations to Improve on Cybersecurity

Governance

  • Security risk assessments of key infrastructure and applications.

ISO 27001

  • Repeated roll-out of ISO 27001 certifications to meet enterprise requirements and retain certifications.

Improved End-Point Protection

  • Combine antivirus and malware protection solutions.
  • Application whitelisting allows only permitted applications to run on a network while blocking all others.

Security Vulnerability/Penetration Assessment and Remediation

  • Deployment of software tools to monitor for malicious activities and perform regular third-party pen tests on your applications.

Defensive Improvement

  • Encryption and restricted access to key sensitive databases.
  • Web application firewalls (WAF) to protect web applications from cyber-attacks.
  • BYOD and effective mobile management and encryption of data.

Identity and Access Management

  • Multi-factor authentication.
  • Privilege-based Access Management.

Detection Improvement

  • Agreed and documented processes for user access and access removal.
  • User Log management allows organizations to detect and investigate security incidents and identify potential vulnerabilities.
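The log management point above is easiest to appreciate with a concrete detection rule. The following Python is an added example written for this article, not code from the article or from any vendor product: it parses a small constructed authentication log (the line format, user names and IP addresses are all invented) and applies a sliding-window rule that flags a user with five or more failed logins inside two minutes, and escalates when a success follows such a burst. The thresholds are assumptions a team would tune to its own environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data): one line per authentication attempt.
SAMPLE_LOG = """\
2023-05-21T10:00:01Z auth FAIL user=alice src=203.0.113.7
2023-05-21T10:00:09Z auth FAIL user=alice src=203.0.113.7
2023-05-21T10:00:17Z auth FAIL user=alice src=203.0.113.7
2023-05-21T10:00:20Z auth FAIL user=bob src=198.51.100.2
2023-05-21T10:00:25Z auth FAIL user=alice src=203.0.113.7
this line is malformed and must be skipped rather than crash the detector
2023-05-21T10:00:31Z auth OK user=bob src=198.51.100.2
2023-05-21T10:00:33Z auth FAIL user=alice src=203.0.113.7
2023-05-21T10:00:50Z auth OK user=alice src=203.0.113.7
2023-05-21T10:05:00Z auth FAIL user=carol src=192.0.2.9
2023-05-21T10:09:00Z auth FAIL user=carol src=192.0.2.9
"""

# Assumed (constructed) log format for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) auth (?P<result>FAIL|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str):
    """Return (timestamp, result, user, src), or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["src"]


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=120)):
    """Sliding-window detector.

    Emits 'brute_force' when a user accumulates >= threshold failures inside `window`,
    and 'success_after_burst' when a successful login follows such a burst, which is
    the case an analyst should look at first because the guess may have worked.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    burst_alerted = set()           # users already flagged for the current burst
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue                # malformed input is skipped, never trusted
        ts, result, user, src = event
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # expire failures that fell out of the window
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and user not in burst_alerted:
                burst_alerted.add(user)
                alerts.append({"kind": "brute_force", "user": user, "src": src,
                               "at": ts, "failures": len(recent)})
        else:
            if len(recent) >= threshold:
                alerts.append({"kind": "success_after_burst", "user": user, "src": src,
                               "at": ts, "failures": len(recent)})
            recent.clear()          # a success ends the current burst
            burst_alerted.discard(user)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run as a script it prints two alerts for alice (the burst, then the success that follows it) and nothing for bob or carol, whose failures never reach the threshold inside the window. In a SIEM the same rule would be expressed as a correlation search, but the two design points carry over: expire events out of the window so a slow, patient attempt is not falsely merged with an old one, and treat "success after burst" as its own higher-severity signal.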

My Cybersecurity Technology Recommendations for Security Strategy

  1. MFA (Multi-Factor Authentication) using One-Time Password (OTP), SMS or Email Verification, and Time-based OTP generated by Apps like Google or Microsoft Authenticator.
  2. NBA (Network Behavioural Analysis) helps to identify malicious files based on anomalies.
  3. Use Threat intelligence and automation AI (Artificial Intelligence) tools to keep pace with the changing threat landscape.
  4. Real-time security using security monitoring, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), Security Information and Event Management (SIEM), automation tools, EDR (to monitor endpoint devices for suspicious activities) and UBA (User Behaviour Analysis) using machine learning and analytics.
  5. Deploy background security anti-virus software.
  6. Sandboxing – creating an isolated test environment to execute a suspicious file or URL, analyse malware, mitigate vulnerabilities, limit the potential damage caused by exploits, and enhance privacy by separating users' activities or sessions.
  7. Forensics software to replay attacks, helping security teams better mitigate forthcoming breaches.
  8. Back-up and mirroring to help protect data and ensure business continuity.
  9. Implement WAF (Web application firewalls) to protect against cross-site request forgery.
  10. Find vulnerabilities like XSS (cross-site scripting), file inclusion, and SQL injection using a blend of manual and automated scanning tools.
  11. Use robust encryption algorithms and secure protocols and solutions such as DLP (data loss prevention) solutions, SFTP (secure file transfer protocol), and SSL (secure sockets layer) certificates to ensure the confidentiality and integrity of data.
  12. Organisations should regularly conduct awareness training, and simulated phishing exercises and awareness campaigns to foster a culture of cybersecurity and empower the workforce to recognize and report potential security threats.

ASD Essential Eight Mitigation Strategies by Australian Signals Directorate

Image reference: https://www.upguard.com/blog/essential-eight

The top four mitigation strategies that an organisation can use are listed below:

1) Application Whitelisting: allowing only trusted applications to execute on your systems.

2) Patching applications: keeping your software updated to counter newly discovered vulnerabilities and exploits.

3) Patching operating systems: to protect against known vulnerabilities and security issues.

4) Restricted administrative access: reduces the impact of potential security breaches.

The remaining four of the Essential Eight mitigation strategies are not mandatory; however, they are essential for securing your networks.

5) Use multi-factor authentication: using a combination of passwords, tokens, or biometric factors to verify user identities.

6) Daily backups: to shield against data loss in the event of a security incident or system failure.

7) Network segmentation: separate networks into smaller segments to control and restrict access to sensitive information.

8) Harden user applications: by configuring web browsers and email clients to restrict potentially unsafe scripting languages and automatic execution of attachments.
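Strategy 1 (application whitelisting, also listed under Improved End-Point Protection earlier) is usually described as "allow only trusted applications", which hides the decisions an allow-list engine actually makes. The Python below is an added example written for this article, not the article's own code and not the rule engine of any real product: it evaluates a small constructed policy of hash and path rules (the file contents, rule values and directory names are all invented) in the precedence order explicit deny, hash allow, path allow, default deny, and it refuses path rules that would cover user-writable directories, which is the most common way an allow-list is undermined.

```python
import hashlib
import posixpath
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    kind: str    # "hash" (hex SHA-256 of the file) or "path" (directory prefix)
    value: str
    action: str  # "allow" or "deny"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample file contents standing in for real executables.
TRUSTED_TOOL = b"constructed bytes of a vetted internal tool"
KNOWN_BAD = b"constructed bytes of a binary the team has banned"

# Constructed sample policy. The "/home/" rule is deliberately weak: it would allow
# anything in a user-writable tree, the classic allow-listing mistake.
POLICY: List[Rule] = [
    Rule("hash", sha256_hex(KNOWN_BAD), "deny"),
    Rule("hash", sha256_hex(TRUSTED_TOOL), "allow"),
    Rule("path", "/usr/bin/", "allow"),
    Rule("path", "/home/", "allow"),
]
USER_WRITABLE = ["/home/", "/tmp/"]   # assumed list of directories ordinary users can write to


def _matches(rule: Rule, path: str, digest: str) -> bool:
    if rule.kind == "hash":
        return rule.value == digest
    return path.startswith(rule.value)


def evaluate(policy: List[Rule], path: str, data: bytes,
             user_writable=USER_WRITABLE) -> Tuple[str, str]:
    """Decide whether `data` located at `path` may execute and say why.

    Precedence: explicit deny > hash allow > path allow (unless the location is
    user-writable) > default deny.
    """
    digest = sha256_hex(data)
    # normpath collapses "..", so "/usr/bin/../../tmp/x" cannot borrow the trusted prefix
    norm = posixpath.normpath(path)
    for rule in policy:
        if rule.action == "deny" and _matches(rule, norm, digest):
            return "deny", f"explicit deny ({rule.kind})"
    for rule in policy:
        if rule.action == "allow" and rule.kind == "hash" and _matches(rule, norm, digest):
            return "allow", "hash pinned"
    for rule in policy:
        if rule.action == "allow" and rule.kind == "path" and _matches(rule, norm, digest):
            if any(norm.startswith(d) for d in user_writable):
                return "deny", f"path rule {rule.value} covers a user-writable location"
            return "allow", f"path rule {rule.value}"
    return "deny", "no matching allow rule (default deny)"


def lint_policy(policy: List[Rule], user_writable=USER_WRITABLE) -> List[str]:
    """Report path-allow rules that grant execution from user-writable directories."""
    return [r.value for r in policy
            if r.action == "allow" and r.kind == "path"
            and any(r.value.startswith(d) or d.startswith(r.value) for d in user_writable)]


if __name__ == "__main__":
    print("weak rules:", lint_policy(POLICY))
    for path, data in [("/usr/bin/ls", b"any bytes"),
                       ("/usr/bin/../../tmp/dropper", b"any bytes"),
                       ("/home/u/tool", TRUSTED_TOOL),
                       ("/home/u/unknown", b"zzz"),
                       ("/usr/bin/banned", KNOWN_BAD)]:
        print(path, "->", evaluate(POLICY, path, data))
```

The hash-pinned tool in a home directory is still allowed, because a hash rule identifies the exact binary regardless of where it sits, while the unknown file in the same directory is denied even though a path rule nominally covers it. Real products (AppLocker, WDAC, and the like) add publisher-certificate rules to the same precedence model; the example keeps to hash and path so the logic stays visible.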

The ASD Essential Eight comprises eight mitigation strategies grouped into three categories, as below.

Category 1: Prevent Malware Delivery and Execution:

This category comprises four strategies that focus on preventing malware from being delivered to a network and executing on it. The strategies are application whitelisting, patching applications, disabling untrusted Office macros, and user application hardening.

Category 2: Limit the Extent of Cyber Security Incidents:

This category incorporates two strategies that aim to limit the impact of a cyber security incident: restricting administrative privileges and patching operating systems.

Category 3: Recover Data and System Availability:

This category involves two strategies that focus on recovering data and restoring system availability after a cybersecurity incident. The strategies are daily backups and multi-factor authentication.

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) is voluntary for any organisation to use and is not mandatory. The framework helps companies manage and reduce their cyber risks. It provides a structured approach to managing cybersecurity risk that can be adapted to the needs of an organization.

It is constructed to help organizations identify, assess, and manage their cybersecurity risks, and provides guidance for improving their cybersecurity posture. The CSF is based on five core functions: Identify, Protect, Detect, Respond, and Recover.

These core functions are further broken down into categories and subcategories, which provide a thorough view of an organization's cybersecurity risk. NIST also provides implementation guidance, tools, and resources to help organizations implement the framework and manage their cyber risks. The NIST CSF enables corporations to strengthen their cybersecurity defences, mitigate risks, and respond effectively to cyber incidents. Furthermore, the framework promotes a risk-based approach, allowing companies to prioritize resources based on their critical assets and potential threats. It also encourages companies to continuously assess and adapt their cybersecurity practices, fostering a proactive and agile security posture.

The CSF can be used as a stand-alone framework or combined with existing frameworks and standards like the ASD Essential Eight, depending on the organisation's security objectives and chosen security strategies.

Final Thoughts on Picking the Right Framework

In conclusion, choosing the right framework for your organization is a critical step towards improving your overall cybersecurity strength. Each of the frameworks discussed, the ASD Essential Eight and the NIST Cyber Security Framework (CSF), is devised to address different aspects of cybersecurity.

The ASD Essential Eight is an excellent starting point for organizations that need to implement basic cybersecurity controls to protect against common threats. The NIST Cyber Security Framework (CSF) is a comprehensive framework that can be tailored to the specific requirements of an organization.

Finally, the success of any cybersecurity framework rests on the dedication of your organization's leadership, staff, and shareholders to prioritize and implement cybersecurity best practices. By deciding on the right framework and investing in cybersecurity, your organization can proactively defend against cyber threats, protect your valuable data and assets, prevent unexpected revenue loss due to a cyber attack, and sustain your company's brand value.

References

1. Chadd K. The History of Cybersecurity | Avast [Internet]. blog.avast.com. 2020 [cited 2023 May 21]. Available from: https://blog.avast.com/history-of-cybersecurity-avast

2. Davies V. The history of cybersecurity | Cyber Security [Internet]. Cyber Magazine. 2021 [cited 2023 May 21]. Available from: https://cybermagazine.com/cyber-security/history-cybersecurity

3. OpenAI (2021). "ChatGPT: Language Model AI." OpenAI [Internet]. [cited 2023 May 21]. Available from: https://openai.com/research/chatgpt/

4. Essential Eight Maturity Model | Cyber.gov.au [Internet]. Cyber.gov.au. 2023 [cited 2023 May 22]. Available from: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model

5. Arnav Sharma. Comparing Information Security Manual (ISM), Essential Eight, and NIST Cyber Security Framework [Internet]. Let's learn something new. 2023 [cited 2023 May 22]. Available from: https://arnav.au/2023/05/09/comparing-information-security-manual-ism-essential-eight-and-nist-cyber-security-framework/

6. ASD Essential 8 vs NIST Cybersecurity Framework (CSF) [Internet]. www.6clicks.com. [cited 2023 May 22]. Available from: https://www.6clicks.com/resources/comparisons/asd-essential-8-vs-nist-cybersecurity-framework-csf

7. Using the Information Security Manual | Cyber.gov.au [Internet]. Cyber.gov.au. 2023 [cited 2023 May 23]. Available from: https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/using-information-security-manual

8. Essential Eight Compliance Guide (Updated for 2021) | UpGuard [Internet]. www.upguard.com. [cited 2023 May 24]. Available from: https://www.upguard.com/blog/essential-eight

9. Strategies Simplified [Internet]. [cited 2023 May 24]. Available from: https://macquariegovernment.com/wp-content/uploads/sites/4/2017/03/Government-Essential-8-eGuide.pdf


Zachary Gonzales

Site Reliability Engineer | Cloud Computing, Virtualization, Containerization & Orchestration, Infrastructure-as-Code, Configuration Management, Continuous Integration & Delivery, Observability, Security & Compliance.

8 months

This is crucial information for organizations looking to enhance their cybersecurity posture.
