The Fundamental 5 – Key Strategies to Protect your ICT Systems

November 18, 2017

If you’re serious about keeping the hackers out, here are the fundamental 5 ‘must knows’ for implementing key mitigation strategies to protect your ICT systems.

  1. Passwords and user credentials are the prime target of cyber attacks
  2. Protect password and privileged account access
  3. ASD recommended strategies to protect systems from credential theft/abuse
  4. Enforce least-privilege and application whitelisting
  5. Keep systems patched and up-to-date

We all know that passwords and user credentials are the prime targets of cyber attacks, but can you guess how many are stolen each year, day or second? Here’s the blunt truth, as recorded in 2016: 3 billion a year, 8.2 million a day and 95 per second. So the real question is, where do you fit into all of this? Your chances of being hacked are most certainly on the higher end of the scale. This is why it is so important to understand the significance of the ‘Fundamental 5’ when it comes to protecting your ICT systems.

Let’s dive into the juicy stuff.

Ever been faced with a long and complex password that you have no chance of remembering? Don’t worry, we all have, and it’s no lie that we have all, at some stage, written it down …somewhere. The funny thing is, when you think about this logically you convince yourself that it is the most time-saving and cost-effective option, but let’s be real: it’s not. The tedious process of password retrieval definitely isn’t appealing, and it is one of the biggest factors influencing us to write our passwords and account credentials down in the first place.

So, what’s the alternative solution?

Storing passwords and account credentials in a secure password management vault, of course! Put it this way: if you went on a holiday and had a bunch of expensive items, you wouldn’t leave them lying around, you would put them in the safe, right? Well, when it comes to passwords the situation is no different. Managing your passwords and account credentials through a password vault will significantly reduce the likelihood of hackers and malicious insiders compromising an account. This can be the main difference between a single system and a user account getting compromised.

How can the ASD help?

Based on the likelihood of getting hacked, the Australian Signals Directorate (ASD) document highlights what you need to do to avoid an attack by a malicious insider. The document will teach you the significance of application whitelisting, maintaining up-to-date operating systems and applications, and restricting access to privileged administrator accounts. Enforcing least privilege and application whitelisting ensures you can instantly remove privileges from users, as well as safeguard employees from malicious software. Implementing these measures will ensure protection for password and privileged account access.

Remember! 

Following the Fundamental 5 is the key to protecting your ICT systems. 

References:

www.thycotic.com

https://www.asd.gov.au/publications/protect/top_4_mitigations.htm

2 Comments
  1. I often have the opportunity to engage end-users in conversation as a PC technician, and I am still surprised each time I mention password managers (vaults), and realize that the concept is new to them. I hope that you also have a chance to share the simple, yet effective tips that seem like common knowledge to us in the infosec community. Thanks for your contribution!

    • I 100% agree, it’s amazing to see how much real estate there is in the market when it comes to educating end-users. Simple tips like these are a really great start and are nice and easy to understand. Thanks for the comment!
