Strategies to Mitigate Cyber Security Incidents
First published: February 2010
Last updated: February 2017
Introduction
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help cyber security
professionals in all organisations mitigate cyber security incidents caused by various cyber threats. This guidance
addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence
services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email
compromise’, and industrial control systems.
This guidance is informed by the ACSC’s experience in responding to cyber security incidents and in performing
vulnerability assessments and penetration tests of Australian government organisations.
Prior to implementing any of the mitigation strategies, organisations need to identify their assets and perform a risk
assessment to identify the level of protection required from various cyber threats. Furthermore, organisations require
motivation to improve their cyber security posture, supportive executives, access to skilled cyber security professionals
and adequate financial resources. Motivators can include a significant cyber security incident, a penetration test,
mandatory data breach reporting, mandatory compliance, and evidence of a lower cyber security posture or higher
threat exposure than previously realised.
The following page provides mitigation strategies and a suggested implementation order for:
targeted cyber intrusions and other external adversaries who steal data
ransomware denying access to data for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
malicious insiders who steal data such as customer details or intellectual property
malicious insiders who destroy data and prevent computers/networks from functioning.
When implementing a mitigation strategy, first implement it for high risk users and computers such as those with
access to important (sensitive or high-availability) data and exposed to untrustworthy internet content, and then
implement it for all other users and computers. Organisations should perform hands-on testing to verify the
effectiveness of their implementation of mitigation strategies.
No set of mitigation strategies is guaranteed to prevent all cyber security incidents. However, properly implementing
the eight mitigation strategies with an ‘essential’ effectiveness rating is so effective at mitigating targeted cyber
intrusions and ransomware, that the ACSC considers these to be the new cyber security baseline for all organisations.
The companion Strategies to Mitigate Cyber Security Incidents – Mitigation Details publication contains
implementation guidance for the mitigation strategies, as well as guidance to mitigate ‘business email compromise’ and
threats to Industrial Control Systems. Further, the companion Essential Eight Maturity Model publication advises how
to implement mitigation strategies in a phased approach and how to measure the maturity of their implementation.
Finally, the ACSC’s website has supporting guidance in the Information Security Manual, as well as separate guidance
for mitigating denial of service, and securely using cloud computing and enterprise mobility.