CERT NZ has published a list of 10 critical controls that it says, if implemented by organisations, would prevent, or better contain, the majority of attacks seen in the past year.
The list is CERT NZ's second of its kind and the organisation says it will publish, every few weeks, more information about a critical control.
"For each control a page will summarise the intent and success measures for business owners and a separate page will provide implementation advice for practitioners," a CERT NZ statement said.
Most of the controls listed should be standard practice. For example the list includes: Enforce multi-factor authentication, Patch your software; Change default credentials; Implement and test backups.
Others however require a level of expertise that might be lacking in small organisations. For example: Disable unused services and protocols.
"Older services and protocols often have their own vulnerabilities," CERT NZ says. "Leaving them on your network gives attackers more opportunity to breach your network. To mitigate this, scan your network for services and protocols that are: no longer used, or known to be vulnerable. If you identify any, carry out remediation based on your findings."
CERT NZ identified application white listing as one of the most important controls. "Most malware incidents reported to CERT NZ are likely to have originated from opening malicious email attachments, or drive-by downloads. Whitelisting the approved applications will help protect the system from these attacks."
It also stressed the importance of logging, saying logs had been not available for many of the incidents reported to it, making a complete post-incident investigation impossible.
The full list is
1. Enforce multi-factor authentication (MFA)
2. Patch your software
3. Disable unused services and protocols
4. Change default credentials
5. Implement and test backups
6. Implement application whitelisting
7. Enforce the principle of least privilege
8. Configure centralised logging and analysis
9. Implement network segmentation
10. Manage cloud authentication
Details can be found here.