During our recent June Security event, we talked about the Australian Signals Directorate’s (ASD) Essential Eight strategies as a recommended baseline for addressing cybersecurity risk. In line with ASD’s recommendations, we recommend this list as an absolute must for every Australian business to ensure you tick some of the key boxes to protect your organisation. At the event, we touched on some recent scenarios where the impact of ransomware could have been significantly reduced, if not completely stopped, had Application Whitelisting been implemented.
In case you are not familiar, the Australian Cyber Security Centre (ACSC) defines Application Whitelisting as one of its Essential Eight strategies, aimed at protecting your systems from malicious code execution. It involves creating a list of the applications the business requires, based on user roles and activities. Any application that is not on the Whitelist, including malicious code that may have found its way into your environment, will not run.
Blacklisting vs Whitelisting
You may be wondering how this differs from Blacklisting, which is also a common approach. Blacklisting involves creating a list of applications that you don’t want to run in your environment. It works well if you are familiar with the applications that are likely to harm your systems, which can be a challenge in itself, considering the risk of zero-day vulnerabilities. Blacklisting can be described as a reactive approach: you know which bad guys to catch in a large crowd entering your premises. Whitelisting is more proactive: you provide an entry pass to the people you know and trust, and everyone else is blocked.
Why is Application Whitelisting so essential for businesses?
The costs of becoming a cybercrime statistic are enormous. Apart from massive fines imposed by new data regulations, such as the National Data Breach scheme and the General Data Protection Regulation (GDPR), data breaches can have a significant impact on your organisation’s brand reputation, revenue, and eventually your clients’ trust.
Here are some of the reasons why we believe Application Whitelisting is the first one in ASD’s Essential Eight strategies list:
1. It allows only trusted apps to run.
Regardless of how strong your strategy is, your environment is always at risk from a time-bound employee trying to install applications beyond what is available from Internal IT, whether to be more productive or to complete a task that may not otherwise seem possible. Sadly, some of these new applications, which appear to be great on the surface, bring malware into your environment. Application Whitelisting reduces the risk of running unapproved apps that may be trying to fool your users into letting malicious content in.
2. It protects against zero-day attacks.
Cyber threats are evolving very fast, and there is typically a lead time between a threat being identified and a fix becoming available. Whitelisting, once enabled, offers a stronger line of defence against zero-day threats, as it will not allow execution of any applications other than the ones that appear on the whitelist.
3. It reduces overall IT TCO because IT spends less effort fixing security issues.
Security incidents are not only costly in terms of lost business reputation, trust, and legal fees; recovering from a cybersecurity breach can carry a significant cost of its own, and in some instances it is not possible to recover at all. Whitelisting as part of your business strategy can have a direct impact on the workload of your IT team, who could otherwise need to spend days recovering from a cyber intrusion. Most IT representatives don’t generally enjoy working on infected machines, as the recovery process can often be convoluted, with several failed attempts before seeing any light at the end of the tunnel.
Are you a Microsoft Windows user?
If you are using Windows (versions 7, 8 or 10) or Windows Server (versions 2008, 2012 or 2016) in your organisation, then you already have access to an application whitelisting tool built into Windows called AppLocker. It can effectively prevent executable files, scripts, Windows installer files, dynamic-link libraries (DLLs), packaged apps and packaged app installers from running automatically in your Windows environment. You can review the requirements for implementing AppLocker here and how to administer it here. If it’s not something you would like to get involved in, we suggest you engage certified security professionals to assist you in getting the most out of your existing investments.
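As an added example (not from the original article), the PowerShell below uses the built-in AppLocker cmdlets to build an allow list from a clean reference machine and deploy it in audit-only mode, so you can see what would be blocked before enforcing anything. The directory list, output path, rule name prefix and the Downloads dry-run folder are assumptions for illustration.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on a clean reference machine. Paths and names are assumptions.
$referenceDirs = 'C:\Program Files', 'C:\Program Files (x86)'
$policyPath    = 'C:\Temp\applocker-audit.xml'   # hypothetical output file
New-Item -ItemType Directory -Force -Path (Split-Path $policyPath) | Out-Null

# 1. Inventory the executables and scripts installed on the reference machine.
$fileInfo = foreach ($dir in $referenceDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script
}

# 2. Build allow rules: publisher (signature) rules for signed files,
#    falling back to file-hash rules for unsigned ones.
[xml]$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Baseline' -Optimize -Xml

# 3. Switch every rule collection to audit-only: nothing is blocked yet,
#    AppLocker only logs what it would have denied.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyPath)

# 4. Dry run: evaluate files outside the allow list (here, a Downloads folder)
#    against the saved policy without applying it.
$samples = (Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe `
    -ErrorAction SilentlyContinue).FullName
if ($samples) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $samples -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Apply to local policy. AppLocker needs the Application Identity service.
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. After normal use, review what enforcement would have blocked:
#    event 8003 (EXE/DLL) and 8006 (MSI/script) are the audit-mode entries.
$logs = 'Microsoft-Windows-AppLocker/EXE and DLL',
        'Microsoft-Windows-AppLocker/MSI and Script'
Get-WinEvent -FilterHashtable @{ LogName = $logs; Id = 8003, 8006 } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Keep the policy in audit mode until the 8003/8006 events contain only software you genuinely want blocked. Before changing `EnforcementMode` to `Enabled`, make sure the allow list also covers Windows itself, because anything not on the list is then denied.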
Assess your organisation’s readiness for unexpected cyberthreats
When was the last time you assessed your organisation’s security risk profile? If you haven’t done so in the last twelve months, you may want to do that now! In the current technology climate, it is recommended that every business get a regular independent security assessment to gain a clear picture of the security risks that apply to it based on current threats. Prevention has always been better than a cure, and a little investment in professional advice generally outweighs a major expense your business could be up for. In our experience, a lack of attention and action on evolving security requirements is the reason breaches occur, and most are preventable.
Application whitelisting is just one of the strategies you can adopt to minimise the risk, and if you are concerned about your overall security strategy, we suggest you schedule a 1-hour complimentary security consultation with one of our specialists by calling 1800 126 499.