//Cybersecurity for business
The Australian Cyber Security Center's ACSC Essential 8
The Australian Cyber Security Centre’s Essential 8 Model recommends eight core strategies that companies should implement to prevent cyber-attacks, limit damage from attacks, and enable efficient data recovery if required.
The ACSC Essential 8 is a series of eight strategies recommended by the Australian Government to support Australian businesses prevent cyber attacks, limit damage caused by cyber attacks and, if all else fails, recover data lost from attacks or human errors.
Each strategy has identified three maturity levels (i.e. stages) to support businesses build an optimal Cyber Security Management System (CSMS). The ACSC recommends that “as a baseline, organizations should aim to reach Maturity Level Three for each mitigation strategy.”
The strategies and maturity levels are supported by the Australian Government’s Information Security Manual (ISM), which outlines the minimum-security controls businesses need to meet the intent of the Essential 8 strategies.
Our ACSC Essential 8 CSMS is designed to ensure businesses are compliant with the ACSC Essential 8 and meet the security controls outlines in the ISM.
“Implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.”
– Australian Cyber Security Centre
//CyberSecurity for business
The ACSC Essential 8 Strategies
Combined, the ACSC Essential 8 Strategies form a powerful defence against cyber-attacks. Click through the below links to learn more about each strategy to see if it is right for your business.
Mitigation Strategies to Prevent Malware Delivery and Execution
Application Control is a cyber-attack prevention strategy. It involves generating an index of approved applications which are allowed to run in trusted locations on a computer network. In contrast, application blacklisting is the process of denying certain programs to run. Application Control is a stronger prevention tool as it combats zero-day attacks. Find out more.
Patch Application is the process of installing patches to fix identified vulnerability in software applications. Patches can also provide upgrade of features and extended functionalities. Regular updates can dramatically reduce the risk of cyber-attacks. Find our more.
Configuring Microsoft Office settings can prevent malicious macros installing and running on your computer system. Dangerous macros are often embedded in seamlessly ‘normal’ documents such as excel or word files and can be accidentally downloaded via websites or email. Smart configuration of Microsoft Office programs can prevent macros in their tracks. Find out more.
Similar to Application Control, User Application Hardening is the process of deciding what certain applications/programs are allowed to do on a system or network. This is important as applications such as Adobe Flash and Java can sidestep traditional antivirus software to enable malware or exploit kits to be downloaded onto your computer business network. Find out more.
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
Restricting Administrative Privileges is the practice of only enabling the minimal computer administrative privileges needed by an employee to carry out their daily operational needs. Reducing the number of people who have overarching rights to install programs, run macros and enable applications, reduces the risk that a hacker can access the system. Further, if a system is hacked, it limits the extent of potential damage. Find out more.
Patching Operating Systems is a cyber security strategy which can mitigate the risk of cyber-attacks, as well as reduces potential damage. Like applications, the operating system needs to be updated regularly to fix known vulnerabilities. Without patching, hackers can leverage weaknesses in the system. Find out more.
Multi-Factor Authentication is the strategy of establishing multiple sign-in requirements for users to log in to devices and programs. This increases the difficulty of a hacker accessing a user’s system via a vulnerability. Common Multi-Factor Authentication processes involve the user undertaking a standard sign in, and then confirming a code which is sent to an email or mobile phone to verify their identity. Find out more.
A Daily Backup offers a last resort, ‘if all else fails’ solution for recovering stolen, hacked, damaged or lost data. The ACSC Essential 8 strategy recommends all backups are store for at least 3 months in a secure online or offline location that is not rewritable and non-erasable. Hopefully, companies never need to use their backups, but it is good to know they are there just in case. Find out more.
How can my business implement the Essential 8 Strategies?
Our Cyber Security Management System (CSMS), which includes software, policies, training and processes, delivers all 8 essential strategies to mitigate the risk of a cyber attack. This means all our clients are compliant with the Australian Cyber Security Centre’s recommendations.