Research by Australia's Defence Signals Directorate (DSD) reinforces what information security specialists have been saying forever. Most intrusions could be prevented by paying attention to the basics.
At least 85 percent of targeted intrusions would be defeated by these clever new strategies:
• Patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers.
• Patch operating system vulnerabilities.
• Minimise the number of users with administrative privileges.
• Use application whitelisting to help prevent malicious software and other unapproved programs from running.
These are the first items in DSD's Top 35 Mitigation Strategies, based on analysis of reported incidents and problems discovered during vulnerability assessments and penetration testing in 2010.
"Implementing the top four strategies can be achieved gradually, starting with computers used by the employees most likely to be targeted by intrusions, and eventually extending them to all users," the agency wrote. "Once this is achieved, organisations can selectively implement additional mitigation strategies based on the risk to their information."
DSD is responsible for the information security of Australian government military and civilian agencies.