Essential Eight

This article provides context around the benefit of measuring your organisation’s cyber security defence maturity against the Australian Cyber Security Centre’s Essential Eight.

Cyber Threats

Threats to personal and organisational cyber security are omnipresent. Common threats include:

  • Malware
  • Ransomware
  • Distributed denial of service (DDoS)
  • Unauthorised cryptomining
  • Malicious insiders
  • Identity theft
  • Phishing
  • Email scams

If you or your organisation utilises information technology, then you are a potential target.

Anti-virus software alone is not sufficient to protect your information technology resources. Cyber threats can be sophisticated and, in many cases, require no access to devices at all, only to the people who operate them.

Cost savings made by not implementing contemporary mitigation strategies can be exponentially outweighed by the costs incurred trying to recover if targeted, so it can pay to be prepared.

Reviewing and Improving System Defences

So where is a good place to start in terms of reviewing your systems’ defences against cyber security threats?

The Australian Cyber Security Centre (ACSC), a part of the Australian Signals Directorate (ASD), has compiled a list of mitigation strategies that organisations can use as starting points to improve their cyber resilience.

The ACSC states that “While no single mitigation strategy is guaranteed to prevent cyber security incidents, we have identified eight essential mitigation strategies which should be implemented as a baseline where practicable”.

These mitigation strategies are known as the Essential Eight. Applied correctly, they will make it much harder for adversaries to compromise systems.

Importantly, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a successful large-scale cyber security incident.

The eight strategies cover:

  • Application whitelisting
  • Patching applications
  • Office macros
  • Harden user applications
  • Restricting administrative privilege
  • Patching operating systems
  • Multi-factor authentication
  • Backup daily

In conjunction with the Essential Eight, ACSC has released a three-level maturity scale to assist organisations in determining the maturity of their implementations.

With permission from the ACSC, Assessity has replicated and mapped the Essential Eight Maturity Model into its self-assessment platform. The assessment tool can be accessed for free via the Assessments Catalogue at https://my.assessity.com.

For more information on the Essential Eight visit the ACSC page at https://www.cyber.gov.au/publications/essential-eight-explained.

For details on the Essential Eight Maturity Model, visit https://www.cyber.gov.au/publications/essential-eight-maturity-model.
