Why application whitelisting is so important

In today’s business world, where the pandemic has forced much of the workforce and business online, cyber security concerns are at the forefront of the business agenda. These threats are very real, and they won’t be going away any time soon. A cyber-attack, especially one where customer data has been compromised, can cost a business their reputation and hurt their bottom line.

The Australian government are taking steps to protect Australian government agencies, businesses and consumers from cyber attacks by mandating the Australian Cyber Security Centre’s ‘Essential Eight’ for all 98 non-corporate Commonwealth Entities (NCCEs). One of the eight cyber security mitigation strategies is application whitelisting.

While The Essential Eight is only a recommendation for those businesses that sit outside the NCCEs, it may be that The Essential Eight becomes the new baseline or norm and may affect business income and opportunities if it is avoided.

How application whitelisting works

Application whitelisting involves creating a stringent set of checks for all third-party vendor software to ensure they comply with strict cyber security policies. Once the software has passed this testing phase, they are added to an application whitelist. Only applications that are on the whitelist should be granted access to run on company IT infrastructure.

The application whitelist is implemented on the operating system level. Any application that is not on the application whitelist should be denied access to run. The list doesn’t need to be limited to approved applications. It can include software libraries, scripts, and installers that are safe.

An application whitelist is created to stop malicious code that may have infiltrated company IT systems from running. An application blacklist should also be implemented to include known applications considered unsafe. When implemented by experienced cyber security experts, application whitelisting is an effective tool in helping to combat malicious actors.

Why is third-party vendor software a cyber security risk?

Cyber security checks on third-party software are necessary to protect the digital assets of the business as third-party vendor software can be prone to malicious attacks due to their weaker cyber security posture. Supply chain attacks are on the rise, so it is not enough to just assume a vendor with a good reputation is safe. Supply chain attacks are very often ransomware, where digital assets are held at ransom with threats to go public with it unless a large sum of money is paid.

Malicious actors have become quite sophisticated, putting much planning and thought into their attack strategies and how they can invest minimal resources for maximum financial gain. They have come to realise that planting malicious code into third-party software is the best way to attack larger organisations and government agencies that have a strong security posture.

Application whitelisting can also stop other malicious code from running, like malware, which may have made its way in through a malicious email. These are called phishing attacks. Once within the company system, malware attacks will execute and access the company email list to email itself out to clients. The email looks authentic which may lead to the recipient providing personal information.

Why application whitelisting?

Application whitelisting creates a hurdle that cyber criminals need to jump over. It acts as a deterrent, but it doesn’t work in isolation to stop cyber criminals. That’s why the Essential Eight includes eight strategies. Application whitelisting is just one of the tools required to proactively manage cyber security risk.

While application whitelisting is effective, it doesn’t stop all malicious code from running. Some of it is too sophisticated and requires a different approach, like antivirus software scanning.

In supply chain attacks, malicious code may still make its way through via an approved third-party vendor on the company application whitelist. That’s why other strategies in the Essential Eight need to also be considered. Installations of software applications on the whitelist should still be tested and monitored by security experts to check for any suspicious behaviour. The logging functionality of application whitelisting can also provide useful information.

Cyber security threats are unfortunately here to stay. Implementing a strong cyber security strategy will ensure your business is as prepared as it possibly can be. Talk to the security experts at INTELLIWORX to find out how they can help.