So, What is the Essential 8?
Put simply, they are 8 mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help businesses of all sizes protect themselves against various cyber threats. Whether they have been implemented in your business, and to what degree, dictates the maturity level your business aligns to.
- Partly aligned with the mitigation strategy (low compliance)
- Mostly aligned with the mitigation strategy (medium compliance)
- Fully aligned (highly protected)
What Are the 8 Essential Mitigation Strategies?
- Application Control
- Patch Applications
- Configure Microsoft Office Macros
- User Application Hardening
- Restrict Administrative Privileges
- Patch Operating Systems
- Multi-Factor Authentication
- Performing Daily Backups
Cyber Crime Isn’t Something You Can See Until It’s Too Late
Protecting your business against cybercrime and implementing a strong strategy often gets put on the bottom of the list.
This can happen because the threat can’t be seen, but here’s what it might look like…
Level 0: Basic Security But No Strategy
Maturity Level 0 is like having a house and accidentally leaving the doors and windows unlocked. An opportunistic attack is a lot more common in these cases and the damage is severe.
When it comes to your business…
MSPs (Managed Service Providers) will offer a good level of preventative security, but if there is no strategy, visibility or forensics, your attack surface and the damage caused will be a lot greater.
Level 1: Improved Security with Basic Strategy
Maturity Level 1 equates to locking your doors and windows all the time, which makes it a lot harder for cyber criminals to gain entry.
When it comes to your business…
Implementing the Essential 8 controls at Maturity Level 1 gives you the beginnings of a strategy as well as making it harder for criminals to move around your network in case of a breach.
Level 2: Tighter Security with a Well-Formed Strategy
Maturity Level 2 significantly improves your cyber posture. This is like having your house fully locked up and an alarm system with cameras in place.
When it comes to your business…
Implementing Essential 8 controls at Maturity Level 2 gives you the preventative protections to keep the criminals out and, if they do get through, the visibility and forensics to see how they got in, what they have done and how to get them out.
Level 3: Enterprise Security with a Fully Formed Strategy
Maturity Level 3 reduces your attack surface dramatically. This would be like having a house with 24/7 security in place at all times.
When it comes to your business…
Essential 8 controls at Maturity Level 3 would fully align with all controls at all levels. It is designed for large companies and enterprises that have a high degree of regulatory obligation or highly valuable (targeted) data and is rarely seen in the Small to Medium markets.
Cyber criminals are always finding new ways to break in and they don’t discriminate. In fact, as small and medium businesses generally have lower or no effective security measures in place, they are often an easy target for cyber criminals. No matter how big or small your business is, it’s vital that you have security measures in place to protect what matters most to you.
Application Control
Prevent Unauthorised Apps from Being Installed
Why?
If malware is unable to run, your risk is significantly reduced and the other strategies are only required as a last resort.
Implementing application control makes it progressively harder for even a determined attacker to breach your systems.
Patch Applications
Keep Your Applications Up to Date
Why?
Security vulnerabilities in applications are gateways for malware and exploits. Unpatched applications could allow an attacker to access your network and to steal, encrypt or otherwise damage your data.
CONFIGURE MICROSOFT OFFICE MACROS
Block Malicious Scripts from Compromising your Systems
Why?
Office macros are special scripts and code, and can run with elevated rights. Malicious macros can download other code, run applications, encrypt your data and attack the remainder of your network.
If you are using macros, you should only allow known macros to be run in your environment, and there should be a strategy in place to find an alternative solution.
USER APPLICATION HARDENING
Your Browser can be an Open Window for Cyber Criminals. Close it!
Why?
Internet applications like Java and Flash can be sources of malware. By hardening the internet browsers through our tools, we limit the opportunity for malware to infect your environment.
RESTRICT ADMINISTRATION PRIVILEGES
Ensure Only the Right People Have Full Access to Your Systems
Why?
Everyone likes being in control, but power in the wrong hands can easily lead to mistakes, including downloading programs, installing new applications, lowering security protections, deleting files and encrypting files. Without intending to, users set up as administrators pose a huge security risk, as they won’t carry out the required checks before completing any of those actions.
PATCH OPERATING SYSTEMS
Operate Fully & Securely
Why?
Security vulnerabilities in operating systems are gateways for malware and exploits. Unpatched operating systems could allow an attacker to access your network and to steal, encrypt or otherwise damage your data.
By working with Future IT Services, we ensure all of your devices are running on the latest operating system.
MULTI-FACTOR AUTHENTICATION
The Easiest & Most Effective Method of Security in Just 1 Click
Why?
MFA restricts access to applications like Microsoft 365 to only those users who can respond to the MFA prompt. This means that even if an account is compromised, the target needs to positively respond to the MFA prompt for the attacker to be successful.
At Future IT Services, we recommend all platforms and accounts should have MFA enabled.
PERFORMING DAILY BACKUPS
Implement the 3-2-1 Rule. You Can Never Have Too Many Backups
Why?
Data stored locally on devices, in Microsoft 365 or on a server is vulnerable to compromise, deletion or encryption. Regular, automated backups of all data are essential to ensure that there is a recovery path should a device or account be compromised.
You should have 3 copies of your data, on 2 different types of media, with at least 1 copy stored offsite.