Understanding the Essential Eight and Learning to Leverage the Methodology
Since the start of the pandemic, cybercrime has risen 500% (Reuters) and Australia, in particular, has received a plethora of unwanted attention from cyber criminals. Australia experiences an average of 164 cyberattacks daily. These cyberattacks often result in leaked sensitive information and cost businesses around $1.07 million, especially when remote work is involved.
In an effort to combat the attacks on the nation’s institutions, the Australian Cyber Security Centre (ACSC) developed the Essential Eight as a methodology to secure sensitive data.
What is the Essential Eight?
The Essential Eight can be summarised as (you guessed it) 8 strategies designed to prevent and limit the impact of cyber-attacks in Australia. The eight strategies are grouped into three categories: actions to prevent attack, actions for limiting exposure if an attack occurs, and data recovery to avoid repercussions from ransomware.
What is the Essential Eight Maturity Model?
Alongside the Essential Eight strategies, the ACSC published a methodology known as the Essential Eight Maturity Model. This is a framework developed to support the implementation of the Essential Eight strategies. Each maturity level recognises a higher level of security within your environment. It provides an objective methodology and common language to assess today’s reality and create a roadmap to reach higher maturity levels across each of the eight criteria.
Since the release of the Essential Eight Maturity Model in June 2017, many of the strategies have been adopted internationally. It is important to note that the Essential Eight is not another software product, but a methodology and modern approach to achieving a uniform understanding of cyber security.
What Benefits are there to Following the Essential Eight?
One of the most apparent benefits of following the Essential Eight is an elevated position and awareness of security. By following the steps, your business will be able to confidently withstand attacks, while minimizing damage if a breach does occur. Additionally, your business will be well positioned to recover quickly should an unwanted intruder make it into your environment.
As a bonus, your security team will be able to report on progress through the four levels of the maturity model defined by the Australian Cyber Security Centre. This will provide confidence to leadership and the board, and a common language to avoid ambiguity.
A Better Employee Experience
An advantage to embracing the Essential Eight is the ability to enable your employees to have a better experience with their technology than ever before. Modern security eliminates the need for employees to be confined to an office network. This means no more clunky experiences with VPNs. Employees are ‘securely’ enabled to work remotely on any device, including personal devices.
Another benefit is the ability for your team to embrace passwordless authentication. This is achieved through the usage of biometrics like facial recognition or fingerprint logins. The process makes for a more streamlined and productive team that no longer needs to worry about cumbersome password management, further reducing your support overhead.
Lower IT Costs
Seven of the Essential Eight strategies are attainable through Microsoft 365 licenses. For organisations that already have Microsoft 365, this provides a major opportunity to simplify the security stack and reduce the number of technology vendors they are working with.
The automation capabilities that accompany Essential Eight processes enable IT teams to shift their attention from routine tasks to proactive innovation.
The Steps to Embrace the Essential Eight
Group 1: Preventing Attacks
Application control is the first step in implementing the preventative measures of the Essential Eight. This practice involves only allowing the use of applications that are approved by an organisation’s executive team. Unvetted applications that fall outside of this criterion should be prohibited for work activities in a security-minded organisation.
The practice of patching applications consistently is also considered a measure of preventing attacks according to the Essential Eight. By regularly patching applications, administrators are able to ensure they are up to date, and also guarantee any security vulnerabilities revealed in the app are addressed. The E8 calls for rectification and patching within 48 hours of the discovery of an exploit.
Configuring Microsoft Office Macros
Through proper configuration of Microsoft Office macro settings, admins can enable and disable security settings based on “least privileged access” – a concept that involves only allowing end-users permissions to resources that are imperative to productivity.
This strategy also enables admins to automate frequently performed tasks via a series of commands and instructions.
Hardening User Applications
Group 2: Limiting the Range of Breach
Restricting Administrative Privilege
If an unwanted party does somehow make their way into your environment, it is important to limit the extent of the breach. You can start by restricting administrative privilege. This limits an intruder’s ability to make major changes to an environment. Without proper restrictions in place, your business is susceptible to major vulnerabilities. Locking down administrative privileges uses the concept of ‘least privileged access’ by barring unprivileged accounts from logging into privileged environments, preventing unwanted changes. Additionally, leveraging PIM allows you to reduce the visibility of Global Admin accounts, further enhancing the security overview.
Patching Operating Systems
When preparing to limit the extent of a possible breach, it is important to develop a plan to consistently patch your operating systems. Identifying and patching operating systems allows your business to regulate security vulnerabilities that may be exploited in internet-facing services, workstations, servers and networks. The strategy calls for use of a vulnerability scanner to identify missing patches and alert admins or update automatically.
Embracing Multi-Factor Authentication
Multifactor authentication (commonly referred to as MFA) is the verification step to ensure that the person logging in to an environment is actually who they claim to be. When MFA is deployed, a user is only granted access to a specific resource after they have successfully presented two or more pieces of evidence to prove their identity.
A common example of MFA that most are familiar with is the process of one device sending a code to another owned by a credentialed individual (e.g. when your laptop sends a verification code to your phone).
The evidence can come from three categories:
1. Something you know – like a password, username or PIN code
2. Something you are – this component uses biometric technology like facial recognition or fingerprints
3. Something you have – for example a smartphone with an authenticator app or digital certificate
Group 3: Data Recovery
The final element to the Essential Eight ensures that if your environment is breached, resources are easily recoverable. Automating daily backups allows your team to recover quickly if a breach does occur.
If a ransomware event occurs, it is critically important that daily backups exist and are managed to ensure your team can restore your business’s most crucial data without paying the ransom.
Through the adoption of the Essential Eight, your business will be able to effectively modernise security. When aligned with a Zero Trust architecture, the methodology of the Essential Eight will position your business with a far stronger security posture, an improved employee experience, and ultimately a lower IT spend. You will not regret adopting the Essential Eight. The benefits to your business will be transformative.
Glen Stonehouse is Mobile Mentor’s Head of Sales in Australia. He has over 25 years of experience in sales and operations in the IT space. His credentials boast a wealth of experience pertaining to sales leadership and the navigation of complex project-based outcomes.