Essential Eight +

Cybercrime is one of the most significant threats to individuals and businesses in Australia in terms of overall volume and impact. The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report shows that malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Between July 2019 and June 2020, ACSC responded to 2,266 cyber security incidents that have targeted large organisations, key supply chain, Commonwealth, and state government entities.

The cyber incidents reported were caused by various malicious activities such as targeted reconnaissance, phishing emails, and ransomware. Cybercriminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic.

The Essential Eight, or ES8, provides a realistic model for improving an organizations overall security posture, however, it requires a strong foundation. Here at CSP we have developed the Essential Eight + a combination of Essential Eight mitigation strategies built on top of a Zero Trust foundation. This includes integration and automation across a wide range of solutions already within the Microsoft stack, along with a few third party vendors at the forefront of cloud technology. We help rapidly increase maturity levels, provide a roadmap for uplifting your cloud security posture, and are geared specifically towards the Microsoft 365 and Azure ecosystems.

We are based in Adelaide but help SMB and Enterprise organizations with their cybersecurity all over Australia, as well as internationally. If your company is looking to meet the ACSC’s standards and build a strong cybersecurity foundation then please reach out for more information about Essential Eight +

In layman’s terms, there are eight mitigation strategies (see below) and each strategy has three maturity levels (see image above). Those eight strategies cover three very important control objectives;

Prevent Malware Delivery & Execution
1. Application Control
2. Office Macro Settings
3. User Application Hardening

Limit the Extent of Cyber Security Incidents
4. Patch Operating Systems
5. Patch Applications
6. Mutli-factor authentication – passwordless
7. Restrict Privileged Access

Implement Strategies to Recover Data and System Availability
8. Backup and restore