Essential Eight +

Cybercrime is one of the most significant threats to individuals and businesses in Australia in terms of overall volume and impact. The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report shows that malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Between July 2019 and June 2020, ACSC responded to 2,266 cyber security incidents that targeted large organisations, key supply chain, Commonwealth, and state government entities.

The cyber incidents reported were caused by various malicious activities such as targeted reconnaissance, phishing emails, and ransomware. Cybercriminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic.

The Essential Eight provides a realistic model for improving an organization's overall security posture; however, it is not enough. We’ve been working hard to develop Essential Eight +, a combination of the ES8 mitigation strategies built on top of a Zero Trust foundation. This includes integration and design across a diverse range of solutions, such as Conditional Access, Microsoft Endpoint Manager, Defender Application Control/ThreatLocker, Microsoft Information Protection, Defender 365, Azure Sentinel, and more. We help rapidly increase maturity levels and provide a roadmap for achieving maturity level three, engineered specifically for the Microsoft 365 and Azure ecosystems.

We are based in Adelaide but help SMB and Enterprise organizations with their cybersecurity all over Australia, as well as internationally. If your company is looking to meet the ACSC’s standards and build a strong cybersecurity foundation, then please reach out for more information about Essential Eight + at es8@cspa.com.au

In layman’s terms, there are eight mitigation strategies (see below) and each strategy has three maturity levels (see image above). Those eight strategies cover three very important control objectives:

Prevent Malware Delivery & Execution
1. Application Control
2. Office Macro Settings
3. User Application Hardening

Limit the Extent of Cyber Security Incidents
4. Patch Operating Systems
5. Patch Applications
6. Multi-factor authentication – passwordless
7. Restrict Privileged Access

Implement Strategies to Recover Data and System Availability
8. Backup and restore