The Essential 8 Series: the fourth control, user application hardening
We’re halfway through our Essential Eight series, and today we’ll discuss User Application Hardening.
The ACSC emphasises that user application hardening is crucial for protecting organisations from various threats, including malicious websites, harmful scripts in advertisements, and exploitation of vulnerabilities in unsupported software. It’s about making it more challenging for cybercriminals to exploit vulnerabilities or misuse application functionalities for malicious purposes.
So, how does this relate to your web browser? To effectively harden your browser, consider the following steps:
- Configure the browser so it does not process Java or web advertisements from the internet.
- Prevent users from changing browser security settings.
- Lastly, remove or disable Internet Explorer altogether.
To help you visualise user application hardening, think of it as building a medieval castle. Imagine the castle with its moats, drawbridge, and fortified doors. In the same way, user application hardening creates layers of defence to protect your browsing experience. It locks down security settings, allows only trusted elements to interact with your browser, and eliminates vulnerable components like Internet Explorer.
But why is this important for your business?
In June 2023, Google had to remove 32 malicious extensions from the Chrome Web Store. These extensions redirected users to harmful sites and even downloaded malicious programs, giving hackers potential access to sensitive information. With over 75 million downloads reported, someone in your workforce may have been affected, making your organisation a target for future attacks.
To address this, focus on the first Essential Eight control: Application Control. Using a single browser throughout your organisation improves security and makes implementing security controls more manageable.
Once you’ve selected a browser, consult with your IT provider to implement the recommended controls for user application hardening. This step ensures your organisation’s security and helps create a consistent browsing experience.
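As an added example (not from the original article or from the ACSC), the short Python audit below checks a browser policy for two of the controls discussed above: a default-deny extension list, and ad blocking that users cannot switch off. It assumes Google Chrome is the organisation's single browser and uses Chrome's enterprise policy names; the `managed`/`recommended` input layout, the sample values and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample. "managed" settings are enforced by the administrator;
# "recommended" settings are defaults the user can still change.
SAMPLE_POLICY = {
    "managed": {
        "ExtensionInstallBlocklist": ["*"],  # block every extension by default
        "ExtensionInstallAllowlist": ["abcdefghijklmnopabcdefghijklmnop"],  # made-up ID
    },
    "recommended": {
        "AdsSettingForIntrusiveAdsSites": 2,  # 2 = block ads on sites with intrusive ads
    },
}

EXTENSION_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 letters a-p


def audit(policy):
    """Return a list of findings; an empty list means every check passed."""
    managed = policy.get("managed", {})
    recommended = policy.get("recommended", {})
    findings = []

    def enforced(name):
        # A setting only counts when the user cannot override it.
        if name in managed:
            return managed[name]
        level = "only recommended, users can change it" if name in recommended else "not set"
        findings.append(f"{name}: {level}")
        return None

    blocklist = enforced("ExtensionInstallBlocklist")
    if blocklist is not None and "*" not in blocklist:
        findings.append("ExtensionInstallBlocklist: extensions are not blocked by default")

    for ext_id in managed.get("ExtensionInstallAllowlist", []):
        if not EXTENSION_ID.fullmatch(ext_id):
            findings.append(f"ExtensionInstallAllowlist: malformed ID {ext_id!r}")

    ads = enforced("AdsSettingForIntrusiveAdsSites")
    if ads is not None and ads != 2:
        findings.append("AdsSettingForIntrusiveAdsSites: ads on intrusive sites are allowed")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print("FINDING:", finding)
```

On the sample, the only finding is that the ad setting is merely recommended, which is the "users can change browser security settings" gap from the list above.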
By taking these proactive measures, you’re safeguarding your digital presence, protecting against cyber threats, and promoting a safer online environment.