The Prime Minister of Australia recently stated in a press conference that a state-based actor has increased the frequency of the cyberattacks on Australian Government agencies and private businesses, calling on organisations to bolster their cyber defences to thwart the threat. Following the press conference, the Australian Cyber Security Centre (ACSC) published an advisory (2020-008) with details about the tactics, techniques and procedures identified during the investigations.
The ACSC strongly recommends implementing the Essential Eight controls to mitigate cyber security incidents as a baseline to improve security posture.
The Essential Eight controls are broken down into three maturity models, from level one to level three that relate to industry compliance. It is recommended by the ACSC that organisations should reach maturity level three for each of the eight controls.
What are the Essential Eight Controls?
|Application Control||Application control to prevent the execution of unapproved/malicious programs|
|Patch Applications||Patch computers with critical vulnerabilities and use the latest versions of applications|
|Configure Microsoft Office macro settings||Configure Microsoft Office macro settings to block macros|
|User application hardening||Configure web browsers to block Flash and Java. Disable unnecessary features in applications|
|Restrict administrative access||Restrict administrative access to operating systems and applications based on user duties|
|Patch operating systems||Patch operating systems with critical vulnerabilities within 48 hours|
|Multi-factor authentication||Enforce multi-factor authentication for VPNs, RDP, SSH, and other remote access, and all users|
|Daily backups||Daily backups of essential data and retained for at least three months|
Benefits of Essential Eight Implementation
While the Essential Eight is not a complete framework, it does include practical implementation of tools and techniques that will significantly improve overall security posture. Common threats such as ransomware, phishing and exploitation of systems are mitigated due to the practical and direct approach, which results in organisations receiving the maximum benefits from their cyber security investment.
blueAPACHE’s FREE Essential Eight Security Assessment
Implementing the Essential Eight requires a high degree of understanding of the organisation’s risk profile, particularly where maturity level three is achieved. blueAPACHE’s expert team work with organisations to provide tailored advice to meet their specific needs in the most cost-effective manner, providing a solution that is fit for purpose. Getting started is as easy as booking a FREE Essential Eight Security Assessment, identifying the steps your organisation can take to fill any gaps.
Contact us today to book in a FREE Essential Eight Security Assessment with one of our expert security consultants.