The Essential Eight
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed a number of mitigation strategies, published as the Strategies to Mitigate Cyber Security Incidents. The most effective of these strategies are known as the Essential Eight.
The approach recognises that no single mitigation strategy is guaranteed to prevent all cyber security incidents. Instead, organisations are advised to implement a series of mitigation strategies that together make it much harder to compromise systems. Implementing the Essential Eight proactively is certainly preferable to responding to a large-scale cyber security incident.
In a world of increasing internet threats, the Essential Eight and the risk mitigation steps it outlines are the new ‘norm’ of doing business.
The Essential Eight consists of the following basic strategies to protect your business:
- Application whitelisting.
Why: All non-approved applications (including malicious code) are prevented from executing.
- Patch applications regularly.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.
- Restrict administrative privileges.
Why: Administrator accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.
- Patch operating systems.
Why: Security vulnerabilities in operating systems can be used to further compromise systems.
- Microsoft Office macro settings.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
- User application hardening.
Why: Flash advertisements and Java ‘pop-ups’ are popular ways to deliver and execute malicious code on systems.
- Multi-factor authentication.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
- Daily backups.
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware attack).