INSIGHTS FROM INDUSTRY
HOW TO PREPARE FOR A CYBER ATTACK EIGHT STEPS TOWARDS BETTER PROTECTION
A
n increase in cyber attacks within the aged care and healthcare sectors has led many to see an attack as no longer an ‘if’ but a ‘when’. The Australian Cyber Security Centre (ACSC) released an advisory notice in 2020, warning aged care providers of ransomware campaigns targeting the sector. Since then, a string of attacks has highlighted the urgent need for providers to proactively manage cyber risks.
THE ESSENTIAL EIGHT MATURITY MODEL 1. Application control 2. Patch applications 3. Configure Microsoft Office macro settings 4. User application hardening 5. Restrict administrative privileges 6. Patch operating systems 7. Multi-factor authentication 8. Regular backups
But without an in-house security expert, preparing for a cyber attack can be a daunting task—so where should providers start?
The Essential Eight
The Essential Eight Maturity Model is recommended by many cybersecurity experts as a baseline framework for organisations to protect themselves against cyber attacks. Developed by the ACSC in collaboration with the Australian Signals Directorate, the Essential Eight comprises the top eight cyber strategies. When implemented effectively, the model helps providers protect themselves against the most common cyber threats. Implementation of the model is scored on a scale from Level One, which addresses simple cyber risks, to Level Three, which aids in protecting against complex and sophisticated threat actors. The Essential Eight are: 1. Application control to ensure only approved programs and applications can execute on servers, workstations and devices. 2. Patch applications to address vulnerabilities that can threaten the security of the IT environment. 3. Configure Microsoft Office macro settings to ensure that documents embedded with malicious code cannot impact the IT environment. 4. User application hardening by disabling old and vulnerable technologies in web browsers and applications. 5. Restrict administrative privileges to ensure that privileged accounts are only supplied when needed, and access is restricted on a ‘need to know’ basis. 6. Patch operating systems to address vulnerabilities in old or unsupported versions that can threaten the security of the IT environment.
70