With the continued rise of data breaches and cyber attacks such as ransomware, Australian businesses must actively prioritise their cyber security efforts in order to protect their sensitive information and assets.
To help businesses improve their cyber security posture, the Australian federal government has invested in and partnered with bodies such as the Australian Cyber Security Centre (ACSC) to provide easy-to-follow security frameworks, such as the ACSC Essential Eight.
In this blog article, we will look at what the Essential Eight is, why it is important, and how it can help protect your business from cyber threats.
What is the Essential Eight?
The Essential Eight are drawn from the ACSC's Strategies to Mitigate Cyber Security Incidents and act as a baseline to help organisations protect themselves against a range of cyber threats. Implementing this baseline makes it much harder for cybercriminals to compromise systems.
According to the ACSC, the strategies focus on Microsoft-based and Internet-based applications. The controls are divided into eight domains.
What are the Essential Eight domains?
Broken down into three subcategories, the Essential Eight Strategies to Mitigate Cyber Security Incidents include:
Mitigation strategies to prevent malware delivery and execution
- Application control
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
Mitigation strategies to limit the extent of cyber security incidents
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
Mitigation strategies to recover data and system availability
- Regular backups
What are the Essential Eight Maturity Levels?
The Essential Eight Maturity Model is designed to assist organisations in implementing the Essential Eight in a graduated manner, based on different levels of adequacy and targeting. The maturity levels can also be used to provide a high-level indication of an organisation's cyber security maturity.
- Maturity Level One - Partially aligned with mitigation strategy objectives.
- Maturity Level Two - Mostly aligned with mitigation strategy objectives.
- Maturity Level Three - Fully aligned with mitigation strategy objectives.
As the mitigation strategies that constitute the Essential Eight have been designed to complement each other and to provide coverage of various cyber threats, organisations should plan their implementation to achieve the same maturity level across all eight mitigation strategies before moving on to higher maturity levels.
The Australian Signals Directorate (ASD) recommends that all Australian businesses achieve maturity level three for optimal protection against malware and other cyber attacks.
Is the Essential Eight Mandatory?
In 2022, the federal government mandated the Essential Eight framework for 98 non-corporate Commonwealth entities (NCCEs). Previously, only the top four security controls of the Essential Eight were mandatory.
To ensure all security controls are maintained to the highest standard, the above-mentioned entities must also undergo a comprehensive audit every 5 years.
A baseline to developing robust security practices...
It is important to note that organisations should not look at the Essential Eight as a tick box checklist, as the cyber threat landscape continues to evolve and cybercriminals continue to change the methods they use to attack organisations. The Essential Eight should be viewed as a continual improvement exercise to assess and develop baseline mitigation strategies.
Coupled with the strategies provided by the Essential Eight, we recommend that all businesses speak with their technology provider to ensure that their cyber security defences include the following modern protection solutions:
- Endpoint Detection and Response
- Next-gen firewall (FortiGate)
- Routine Patching
- Multi-Factor Authentication
- Employee Education and Training Programs
How Diamond IT can support your cyber security strategy
The Diamond IT team specialise in reviewing cyber security strategies to ensure they are fit for purpose, align with government recommendations, and include the defences required to best protect your business from malicious threats. We can support you in establishing your Essential Eight maturity level and improving your overall cyber security posture.
Our Business Technology Managers (BTMs) and Business Technology Consulting team are specialists in improving your internal cybersecurity and are ready to speak with you. Contact our team on 1300 307 907 today.