The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions (e.g. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, 'business email compromise' and threats to industrial control systems.
This guidance is informed by ASD's experience responding to cyber security incidents and performing vulnerability assessments and penetration tests of Australian government organisations.
Prior to implementing mitigation strategies, organisations need to identify their assets and perform a risk assessment to identify the level of protection required from various threats. Organisations require motivation to improve their cyber security posture, supportive executives, access to skilled cyber security professionals and adequate financial resources. Motivators include a detected cyber security incident, a penetration test, mandatory data breach reporting, mandatory compliance, and evidence of a lower cyber security posture or higher threat exposure than previously realised.
The following page provides mitigation strategies and a suggested implementation order for:
- targeted cyber intrusions and other external adversaries who steal data
- ransomware denying access to data for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
- malicious insiders who steal data such as customer details or intellectual property
- malicious insiders who destroy data and prevent computers/networks from functioning.
When implementing a mitigation strategy, first implement it for high-risk users and computers, such as those with access to important (sensitive or high-availability) data or those exposed to untrustworthy Internet content, and then implement it for all other users and computers. Organisations should perform hands-on testing to verify the effectiveness of their implementation of mitigation strategies.
No single mitigation strategy is guaranteed to prevent cyber security incidents. Properly implementing application whitelisting, patching applications, patching operating systems and restricting administrative privileges (referred to as the Top 4) continues to mitigate over 85% of the adversary techniques used in targeted cyber intrusions of which ASD has visibility.
Incorporating the Top 4, the eight mitigation strategies with an 'essential' effectiveness rating are so effective at mitigating targeted cyber intrusions and ransomware that ASD considers them to be the cyber security baseline for all organisations. Any organisation that has been compromised despite properly implementing these mitigation strategies is encouraged to notify ASD.
The companion Strategies to Mitigate Cyber Security Incidents – Mitigation Details document contains updated implementation guidance for the mitigation strategies, as well as new guidance to mitigate 'business email compromise' and threats to industrial control systems.
ASD’s Australian Government Information Security Manual (ISM) provides supporting guidance. ASD also has separate and specific guidance for mitigating denial of service, securely using cloud computing and enterprise mobility, including personally-owned computing devices.