How to prepare for a cyber attack
EIGHT STEPS TOWARDS BETTER PROTECTION
An increase in cyber attacks within the aged care and healthcare sectors has led many to see an attack as no longer an ‘if’ but a ‘when’. The Australian Cyber Security Centre (ACSC) released an advisory notice in 2020, warning aged care providers of ransomware campaigns targeting the sector. Since then, a string of attacks has highlighted the urgent need for providers to proactively manage cyber risks.
But without an in-house security expert, preparing for a cyber attack can be a daunting task—so where should providers start?
The Essential Eight
The Essential Eight Maturity Model is recommended by many cybersecurity experts as a baseline framework for organisations to protect themselves against cyber attacks. Developed by the ACSC in collaboration with the Australian Signals Directorate, the Essential Eight comprises the top eight cyber strategies.
When implemented effectively, the model helps providers protect themselves against the most common cyber threats. Implementation of the model is scored on a scale from Level One, which addresses simple cyber risks, to Level Three, which aids in protecting against complex and sophisticated threat actors.
The Essential Eight are:
1. Application control to ensure only approved programs and applications can execute on servers, workstations and devices.
2. Patch applications to address vulnerabilities that can threaten the security of the IT environment.
3. Configure Microsoft Office macro settings to ensure that documents embedded with malicious code cannot impact the IT environment.
4. User application hardening by disabling old and vulnerable technologies in web browsers and applications.
5. Restrict administrative privileges to ensure that privileged accounts are only supplied when needed, and access is restricted on a ‘need to know’ basis.
6. Patch operating systems to address vulnerabilities in old or unsupported versions that can threaten the security of the IT environment.
7. Multi-factor authentication is enabled to securely connect all users remotely accessing the network or accessing important data.
8. Regular backups of important systems are collected and stored offline, to ensure the protection of important data and systems.
How can the Essential Eight build cyber resilience?
For the most part attackers are lazy and will choose victims who expose themselves with obvious, exploitable system weaknesses. Notable examples include attacks against several major aged care providers, who fell victim to various styles of attack which may have been prevented through the use of multi-factor authentication.
The overwhelming majority of cyber attacks can be prevented through basic cybersecurity practices and good IT hygiene. The Essential Eight supports this by providing strategies for organisations to reduce their exposure and make it harder for attackers to gain a foothold.
Keeping pace with threats
The Essential Eight offers a valuable reference for providers to start addressing their cybersecurity risk today.
However, the evolving nature of the cyber threat landscape means that the Essential Eight strategies are also constantly evolving.
For this reason, frameworks such as the ISO 27001 standard or NIST cybersecurity framework are often better suited for tracking the performance of a cybersecurity program long term.
Ideally, providers also need to consider a wide scope of security controls, introducing awareness and training, governance and policy, and business continuity planning across the organisation.
Selina Gerner is Partner and Jesse Pearce Manager, McGrathNicol. For more information visit www.mcgrathnicol.com