Due to an increase in cyber-attacks and businesses being held to ransom, the Australian cyber security strategies have undergone a revamp. The Commonwealth Government has redeveloped them after recent consultation with industry.
They have introduced changes to the Essential Eight security strategies and the associated maturity levels to help make all businesses safer and more secure online, and here is the breakdown.
What are the Essential Eight?
The Essential Eight are strategies (8 strategies) to mitigate cyber security risks for Windows-based networks. They were developed by the Australian Cyber Security Centre (ACSC) in 2017 and have recently been updated. They can help businesses defend up to 85% of targeted attacks.
The Essential Eight is a baseline strategy and all companies need to implement this base level within the next 2 years.
Why is it important to your business?
- The Essential Eight applies to all business, big and small, no matter how many staff they have.
- Cyber-attacks are real whether its stealing confidential business information, holding your business ransom or sending emails to your staff to try and hoodwink them.
- Cyber-attacks cost the Australian economy roughly $1 billion each year.
- Data breaches can affect business reputation and can mean loss of clients.
- Insurance premiums are increasing for businesses failing to implement cyber security measures.
What are the Essential Eight strategies?
The Essential Eight are used to prevent attacks, limit the extent of attacks, and recover data & system availability in the event of an attack.
- Application whitelisting. Only approved and trusted applications should run on business computers to stop malware and ransomware.
- Patch management. Apply updates (patches) to all third-party applications quickly to fix known security vulnerabilities and stop attacks.
- Configure Office macro settings. Limit all users’ ability to create macros.
- User application hardening. Limit user applications as attackers can use these to execute malicious code on business systems.
- Restrict administration privileges. Access privileges should be limited, managed and monitored regularly. The more people who have administration rights, the more opportunities threat actors have to access systems through these admin accounts.
- Patch operating systems. Apply the latest updates to operating systems, servers, and devices quickly to fix known security vulnerabilities.
- Multi-factor authentication. Having two layers of protection when logging in to emails, systems, etc. This can include using the username and password, then a verification code sent to a secondary device to authenticate the user.
- Backups. Perform daily backups of important data, software, and settings, and retain them for at least three months. Backups are important to ensure your business can be up and running in the event of a security incident.
Maturity levels
Within the Essential Eight strategies, there are three maturity levels. The levels show the maturity of your cyber security compliance within the framework.
| Maturity Level 1 | Partly aligned with the intent of the mitigation strategy |
| Maturity Level 2 | Mostly aligned with the intent of the mitigation strategy |
| Maturity Level 3 | Fully aligned with the intent of the mitigation strategy |
The Essential Eight cyber security strategy has been developed to help businesses safeguard their systems, data, and infrastructure from cyber-attacks and the costs of these attacks. Now more than ever before, ALL businesses must do what they can to stay secure because ALL businesses could become a target.
If you would like to know more about implementing the Essential Eight strategies in your business, contact the experts at INTELLIWORX today.
