The Australian Cyber Security Centre (ACSC) recommends eight essential strategies to prevent malware delivery, limit the impact of cybersecurity attacks and improve recovery. Released in 2017, the Essential Eight is an evolution of the Australian Signals Directory’s (ASD) Top Four recommendations.

The Essential 8 is a cybersecurity framework that outlines 8 critical controls for reducing cyber threats. The simplified version of the Essential 8 is:

1.   Application Whitelisting - (Application Control)

2.  Operating System (OS) Security Configuration

3.  Controlled Use of Administrative Privileges

4.  Patch Management for Applications and Operating System

5.  Data Loss Prevention (DLP)

6.  Limit Network Exposure for Critical Assets

7.  Endpoint Detection and Response (EDR)

8.  Account Monitoring and Control

The maturity levels range from Level 1 (Ad Hoc) to Level 5 (Optimized) based on the level of implementation and management of the controls.

To start the process of reaching maturity level 2 or 3 with the Essential 8, the following steps can be considered:

1.  Conduct a current state assessment: Assess your current security posture and identify the gaps in implementing the Essential 8 controls.

2.  Prioritize and Plan: Prioritize the Essential 8 controls based on their relevance to your organization and develop a plan to implement them in a phased manner.

3.  Implement and monitor: Implement the Essential 8 controls, following industry best practices and guidelines. Regularly monitor and evaluate the implementation to identify any gaps or areas for improvement.

4. Train and Awareness: Ensure that all employees receive adequate training on cybersecurity best practices and are aware of the importance of the Essential 8 controls.

5.  Continuously assess and improve: Continuously assess and improve the implementation of the Essential 8 controls to ensure they remain relevant and effective in protecting your organization against cyber threats.

Want a deeper dive into the Essential Eight - Click here.