With consistent attacks across the board and organisations at risk more than ever before, cybersecurity has become a major focus. The Australian Government has produced material in order to help unpack and simplify adversaries’ levels of attack and how to combat them.
The Australian Cyber Security Centre (ACSC) has developed essential mitigation strategies to help organisations protect themselves against various cyber threats.
The most effective of these mitigation strategies are the Essential Eight. The Essential Eight are designed to protect Microsoft Windows-based internet-connected networks. While the Essential Eight may be applied to cloud services and enterprise mobility, or other operating systems, it was not primarily designed for such purposes and alternative mitigation strategies may be more appropriate to mitigate unique cyber threats to these environments.
The Essential Eight maturity model has 4 levels of maturity, where each level corresponds to an increasing level of adversary tradecraft.
Beginning with maturity level zero, this signifies that an organisation has weaknesses in its overall cybersecurity. When exploited, these weaknesses could facilitate a compromise of data and integrity of systems.
Following on, maturity level one refers to adversaries who are content to simply leverage publicly available exploits, security weaknesses that haven't been patched, and authentication using stolen, reused, brute-forced, or guessed credentials. In this tier, adversaries are generally looking for any victim rather than a specific one.
Following on, maturity level two refers to adversaries operating with a step-up in capability. These adversaries are willing to invest more time in a target and, more importantly, in the tools they use to infiltrate. These hackers will employ well-known tradecraft to bypass security and evade detection. This tier also includes those actively seeking user credentials through phishing and social engineering techniques that target weak multi-factor authentication. Adversaries are more likely to be selective in their targeting but are somewhat conservative in the time and effort they put into the attack. Adversaries in this tier may also destroy data and backups accessible to an account with special privileges on the network.
Finally, maturity level three refers to adversaries who are more adaptive and less reliant on common tools and techniques. They will exploit weaknesses in their target's cybersecurity, such as old software or inadequate monitoring. Adversaries in this tier are generally focused on a particular target and are willing and able to invest in infiltrating it.
Overall, organisations should first identify and target a level of maturity that is suitable for their environment. Many elements go into selecting which level of security each organisation should follow, so it is important that you seek advice from a security expert like Jasco to help you make the transition.