Whilst there is no single solution to protecting your organisation from a cyber-attack, it’s recommended that organisations implement the Essential Eight security model as a baseline.
Cyber security threats and data breaches are increasing and are difficult to mitigate. Statistics from recent studies show that instances of malware attacks, data breaches, and intrusion attempts are on the rise.
Even more worrying is the rising cost of cybercrime to businesses. In Australia, the average cost of a single instance of cybercrime is around $276,000.
Tensor5 knows that implementing robust cyber security controls is often a tall order for organisations big and small. So many different areas require security reinforcement that it can be easy to miss some critical marks or be overwhelmed by the effort. Cyber security is not a one-size-fits-all kind of investment; many organisations, especially SMEs and startups, struggle to make the right security choices.
In 2017, the Australian Cyber Security Centre (ACSC) came up with the Essential Eight strategy for mitigating cybersecurity threats. The Australian Signals Directorate (ASD) considers the Essential Eight one of the most effective defence strategies against cybercriminals for all organisations. The Essential Eight are also known as the ASD Essential Eight.
By following the Australian Cyber Security Centre’s Essential Eight Maturity Model, we can bring structure and order to securing our defences.
The Essential Eight strategy focuses on three key areas of cybersecurity:
Preventative Measures
The first step in cyber defence is protection. This part of the strategy is aimed at preventing malware delivery and the execution of malicious code.
- Application Whitelisting
- Patch Applications
- Configure MS Office Macro Settings
- Application Hardening
Reduce Impact
This stage focuses on limiting how far an attacker can get by minimising security loopholes in accessing data and resources. The idea is to seal off every access point so that attackers have no means of gaining entry through them.
- Restrict Administrative Privileges
- Multi-Factor Authentication
- Patch Operating Systems
Resiliency & System Availability
Data and resource availability is a big part of cyber security, and so is data and system integrity. The Essential Eight strategy caters to data availability as well as secure storage and access to information.
- Daily Backups
Maturity Levels
The ACSC defines three distinct maturity levels for each of the Essential Eight strategies, which determine an organisation’s preparedness to deal with cybersecurity problems using the Essential Eight. For detailed criteria of each maturity level, read more on the Australian Cyber Security Centre website.
- Maturity Level One: Partly aligned with the Essential Eight strategies.
- Maturity Level Two: Mostly aligned with the Essential Eight strategies.
- Maturity Level Three: Fully aligned with the Essential Eight strategies.