Essential Eight cyber security overhaul and how it affects Australian businesses

Developed by the Australian Cyber Security Centre (ACSC) in 2017 to address cyber security threats, the Essential Eight cyber security strategies have been overhauled after government consultation with industry partners. The Essential Eight are about to become compulsory for all 98 non-corporate Commonwealth Entities (NCCEs), which will have an impact on how Australia conducts cyber business into the future.

The aim of mandating the Essential Eight is to protect Australia and Australians. So much of our lives are now online, including much of our sensitive information. New threats have emerged due to the pandemic, which has led the government to take swift action to establish a set of principles to help protect consumers and businesses.

While these changes will not be mandatory for businesses that sit outside NCCEs, the ACSC highly recommends businesses follow the Essential Eight to protect their digital assets. They recommend investing resources now rather than having to deal with costly and damaging cyber-attacks later.

However, this isn’t the only incentive. The government will be auditing the NCCEs for compliance, and the NCCEs may also be required, as part of their contractual obligations with other businesses, to check those businesses' compliance. This could result in businesses losing opportunities if they do not comply.

The Essential Eight mitigation strategies

The Essential Eight are, put simply, eight strategies to mitigate attacks by malicious actors on Microsoft Windows-based networks. They are a baseline, to be employed by organisations, to help protect their digital assets and the privacy of their customers.

In general terms, the Essential Eight are:

  • A 48-hour timeframe to patch vulnerabilities
  • Tighter configuration around web browsers to stop malicious code
  • Tightening administration privileges
  • Stopping malicious macros from running through Microsoft Office
  • Multi-factor authentication
  • Creating a list of approved applications to stop unapproved applications from running
  • Daily backups of critical data
  • Keep operating systems patched/up to date within forty-eight hours

Previously, NCCEs were only required to implement the top four of the Essential Eight. They will now be required to implement all eight. In the past they were also able to self-assess their compliance. The new mandate will introduce audits to check proper compliance.

The Essential Eight maturity model

The Essential Eight maturity model is essentially levels of compliance that sit across all eight mitigation strategies. A new “level zero” has been introduced with this lowest level indicating significant weaknesses in an organisation's network which need to be addressed. The highest level, level three, indicates a network that is proactive and prepared to ward off sophisticated malicious threats.

In the past, NCCEs could focus on achieving a certain maturity level in any one of the eight. They could have varying levels in each of the eight strategies. This new mandate will require them to achieve the same level across all Essential Eight before progressing to a higher maturity level.

The required maturity level depends on the individual business and their unique set of circumstances. What is the risk of an attack and what does the business have to lose? Once the appropriate target level is established based on this risk, organisations should work to achieve it through appropriate reviewing and monitoring.

Security experts can help businesses transition to the Essential Eight. Contact Essential Tech today to find out how they can help secure your digital assets.
