The Australian Defence Signals Directorate (DSD) has once again updated their “35 Strategies to Mitigate Targeted Cyber Intrusions” report for 2012. The biggest take-away is that at least 85% of the unsophisticated intrusions they responded to could have been mitigated by simply implementing their top 4 strategies as a package. The top mitigations this year included the following:
- Application Whitelisting
- Patch Applications
- Patch Operating Systems
- Minimize Number of Users with Domain or Local Admin Privileges
Those with a careful eye will notice that nothing has changed since last year, when they released the report in July of 2011.
Of course perhaps a little more interesting are the bottom three recommendations…
- Network-Based Intrusion Detection/Prevention System
- Gateway Blacklisting
- Selected Network Traffic Capture
Australian computer networks are being targeted by adversaries seeking access to sensitive information. A commonly used technique is social engineering, where malicious ‘spear phishing’ emails are tailored to entice the reader to open them. Users may be tempted to open malicious email attachments or follow embedded links to malicious websites. Either action can compromise the network and disclose sensitive information. The Defence Signals Directorate (DSD) has developed a list of strategies to mitigate targeted cyber intrusions. The list is informed by DSD’s experience in operational cyber security, including responding to serious cyber incidents and performing vulnerability assessments and penetration testing for Australian government agencies.
[Table: Top 35 mitigation strategies]

DSD’s list of mitigation strategies, first published in February 2010, is revised for 2012 based on DSD’s most recent analysis of incidents across the Australian Government. While no single strategy can prevent malicious activity, the effectiveness of implementing the Top 4 strategies remains very high. At least 85% of the intrusions that DSD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the Top 4 mitigation strategies as a package.
I don’t know how they could have missed anything given 35 strategies … but do you think they forgot something essential? Let us know in the comments below. Today’s post pic is from TUAW.com. See ya!