The following is a summary of the actions required to best defend against malicious activity.
- Patch applications and devices, particularly internet-facing services. Monitor for relevant vulnerabilities and security patches, and consider bringing forward patch timeframes.
- Implement mitigations against phishing and spear phishing attacks. Disable Microsoft Office macros by default and limit user privileges. Ensure that staff report all suspicious emails received, links clicked, or documents opened.
- Ensure that logging and detection systems are fully updated and functioning. Prioritise internet-facing and critical network services, and ensure that logs are centrally stored.
- Review incident response and business continuity plans. Plan responses to network compromise as well as disruptive or destructive activity such as ransomware. Ensure these plans are known to and actionable by staff, and are accessible even when systems are down.
They also recommend that businesses review the Essential Eight and prioritise remediating any identified gaps in Essential Eight maturity. Following this, businesses should review technical details associated with any specific threats they have identified as relevant and incorporate these into monitoring and response plans.