This article provides context around the benefit of measuring your organisation’s cyber security defence maturity against the Australian Cyber Security Centre’s Essential Eight.
Threats to our personal and organisational cyber security are omnipresent. Common threats include:
- Distributed denial of service (DDoS)
- Unauthorised cryptomining
- Malicious insiders
- Identity theft
- Email scams
If you or your organisation utilises information technology, then you are a potential target.
Anti-virus software alone is not sufficient to protect your information technology resources. Cyber threats can be sophisticated and, in many cases, don’t require any access to devices, only to the people who operate them.
Cost savings made by not implementing contemporary mitigation strategies can be exponentially outweighed by the costs incurred trying to recover if targeted, so it can pay to be prepared.
Reviewing and Improving System Defences
So where is a good place to start in terms of reviewing your systems’ defences against cyber security threats?
The Australian Cyber Security Centre (ACSC), a part of the Australian Signals Directorate (ASD), has compiled a list of mitigation strategies that organisations can use as starting points to improve their cyber resilience.
The ACSC states that “While no single mitigation strategy is guaranteed to prevent cyber security incidents, we have identified eight essential mitigation strategies which should be implemented as a baseline where practicable”.
Known as the Essential Eight, these mitigation strategies, if applied correctly, will make it much harder for adversaries to compromise systems.
Importantly, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a successful large-scale cyber security incident.
The eight strategies cover:
- Application whitelisting
- Patching applications
- Office macros
- Harden user applications
- Restricting administrative privilege
- Patching operating systems
- Multi-factor authentication
- Backup daily
In conjunction with the Essential Eight, ACSC has released a three-level maturity scale to assist organisations in determining the maturity of their implementations.
With permission from the ACSC, Assessity has replicated and mapped the Essential Eight Maturity Model into its self-assessment platform. The assessment tool can be accessed for free via the Assessments Catalogue at https://my.assessity.com.
For more information on the Essential Eight visit the ACSC page at https://www.cyber.gov.au/publications/essential-eight-explained.
For details on the Essential Eight Maturity Model, visit https://www.cyber.gov.au/publications/essential-eight-maturity-model.