The Fundamental 5 - Key Strategies to Protect your ICT Systems
If you're serious about keeping the hackers out, here are the fundamental 5 'must knows' for implementing key mitigation strategies to protect your ICT systems.
- Passwords and user credentials are the prime target of cyber attacks
- Protect password and privileged account access
- ASD recommended strategies to protect systems from credential theft/abuse
- Enforce least-privilege and application whitelisting
- Keep systems patched and up-to-date
We all know that passwords and user credentials are the prime targets of cyber attacks but can you guess how many are stolen each year, day or second? Well, here’s the blatant truth - Recorded in 2016, 3 billion a year, 8.2 million a day and 95 per second. So, the real question is, where would you fit into all of this? It’s definite that your chances are most certainly on the higher end of the scale when it comes to being hacked. This is why it is so important to understand the significance of the ‘Fundamental 5’ when it comes to protecting your ICT systems.
Let’s dive into juicy stuff.
Ever been faced with a long and complex password that you have no chance of remembering? Don’t worry, we all have and it’s no lie that we all, at some stage, have written it down ...somewhere. The funny thing is, when you think about this logically you convince yourself that this is the most time saving and cost effective option but let's be real - it’s not. Thinking about the tedious process of password retrieval definitely isn’t appealing and is one of the biggest contributors influencing us to write our passwords and account credentials down in the first place.
So, what’s the alternate solution?
Storing passwords and account credentials in a secure password management vault, of course! Put it this way, if you went on a holiday and had a bunch of expensive items, you wouldn’t leave them lying around, you would put them in the safe, right? Well, when it comes to passwords the situation is no different. Managing your passwords and account credentials through a password vault will significantly reduce the likelihood of hackers and malicious insiders from compromising an account. This can be the main difference between a single system and a user account getting compromised.
How can the ASD help?
Based on the likelihood of getting hacked the Australian Signals Directorate (ASD) document highlights what you need to do to avoid an attack by a malicious insider. The document will teach you the significance of Application Whitelisting, maintaining up-to-date operating systems and applications, and restricting access to Privileged Administrator Accounts. By enforcing least Privilege and Application Whitelisting, this will ensure you can instantly remove privileges from users, as well as safeguard employees from malicious software. Implementing these qualities will ensure protection for password and Privileged Account Access.
Following the Fundamental 5 is the key to protecting your ICT systems.