November 2025

Hardening Everyday Applications to Close Everyday Cyber Risks

This article is the seventh in Matrium Technologies Essential Eight Blog Series, where we break down each of the Australian Cyber Security Centre’s (ACSC) key mitigation strategies into clear, practical guidance for business and technology leaders.

In this instalment, we explore User Application Hardening - a highly effective way to reduce cyber risk by disabling features in common applications that attackers routinely exploit.

What “User Application Hardening” Really Means

Modern applications such as web browsers, PDF readers, media players, and email clients come packed with features. Some of these are useful - many are not. Unfortunately, attackers love these unnecessary or high-risk features because they help them deliver malware, run scripts, and bypass security tools.

User Application Hardening is the process of turning off or restricting application features that you don’t need, especially those known to be commonly exploited.

In simple terms:
If your organisation doesn’t use a feature, disable it.
If an application setting increases risk without providing value, lock it down.

Why It Matters for Your Business

• Browsers are the #1 attack surface – Most phishing, malware, and exploit kits target insecure browser features.

• PDFs, scripts, ads, and plugins create hidden risk – Many drive-by attacks rely on embedded content that users never notice.

• Common software = common attacks – Attackers always go after widely-used applications like Chrome, Edge, Adobe Reader, and Office.

• Hardening reduces user error – Even if someone clicks the wrong link, a hardened application significantly limits the damage.

For executives, this is about reducing risk in the software your staff use every single day.

Practical Steps to Implement

Application hardening can be implemented gradually and safely. Focus on disabling features that are rarely required in modern business workflows:

1. Block ads and JavaScript on untrusted sites – Prevent malicious scripts from executing in the browser.

2. Disable Flash, Java, and other legacy plugins – These technologies are outdated and heavily targeted.

3. Configure PDF readers securely – Block JavaScript in PDFs and restrict embedded content.

4. Harden Microsoft Office settings – Prevent automatic content execution and disable unnecessary add-ins.

5. Use Group Policy or MDM tools – Centrally enforce hardening settings across workstations.

6. Standardise on a secure browser – Limit users to a managed, fully hardened browser configuration.

These actions dramatically shrink your attack surface with minimal impact on productivity.

The Maturity Journey

The ACSC’s Essential Eight Maturity Model outlines how organisations can strengthen application hardening over time:

• Maturity Level 1 (Basic Protection): Common risky features (like Flash or Java) are disabled. Web browsers block ads and restrict scripts on untrusted sites.

• Maturity Level 2 (Improved Protection): Additional features that interact with external content - such as embedded media, JavaScript in PDFs, and untrusted add-ins - are disabled by default. Hardening policies are centrally managed.

• Maturity Level 3 (Strongest Protection): Application hardening is enforced organisation-wide with no exceptions. Only trusted sources, signed scripts, and approved content formats are allowed to execute. Browsers and PDF readers are fully locked down to prevent exploitation.

This progression moves organisations from basic protection to a hardened, controlled environment that prevents attackers from exploiting everyday tools.

Final Word

Cybercriminals rely on users interacting with everyday applications - clicking links, opening documents, viewing web pages. User Application Hardening flips the script by making those applications far more difficult to exploit.

It’s a highly effective, low-cost control that protects employees during their normal workday and significantly reduces the organisation’s exposure to malware, phishing, and drive-by attacks.

This is the seventh article in Matrium’s Essential Eight Blog Series. In our final instalment, we will explore Regular Backups - your last line of defence and the key to rapid recovery after a cyber incident.

Matrium Technologies helps organisations implement User Application Hardening and other Essential Eight strategies to achieve compliance and significantly uplift their cyber resilience.