What is the Essential Eight?
The Essential Eight mitigation strategies are a prioritised list of practical actions organisations can take to make their computers more secure. When implemented effectively, the Essential Eight mitigates 85% of targeted cyber-attacks.
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations mitigate cybersecurity incidents caused by various cyber threats. The most effective of these mitigation strategies are known as the Essential Eight.
The ACSC recommends five strategies comprising 37 mitigation controls. These are not just technical steps but involve the whole organisation in modifying behaviour. Together the 37 recommended controls address:
- Prevention of malware delivery and execution
- Limiting the extent of cyber security incidents
- Detecting cyber security incidents
- Recovering data and system availability
- Preventing malicious insiders
Intrix Cyber Security audit and advisory services will help identify, validate and document your maturity level alongside recommendations to improve and reach your target maturity level
How can Intrix Cyber Security help?
We provide in-depth and comprehensive cyber security assessments of networks, applications, infrastructure and current state of cyber security controls. We review existing data protections, providing guidance on proper process, using the Essential Eight to , providing remediation guidance to improve your security posture and implement the recommended Essential Eight mitigation strategies.
Avoid the disruption, excess costs, legal and reputational damage of a cyber attack or breach.
Achieve and maintain PCI DSS compliance and other cyber security standards.
Harden your business systems and reduce cyber security risk exposure.
A detailed analysis with proof of concept for each finding, with an actionable remediation plan.
Independently validate your security posture against industry best practices
ACSC Essential Eight Mitigation Strategies
Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Patch applications e.g., Flash, web browsers, Microsoft Office, Java, and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
User Application Hardening
User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Restriction of Administrative Privileges
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Operating System Patching
Patch operating systems. Patch/mitigate computers (including network devices) with “extreme risk” vulnerabilities within 48 hours. Use the latest operating system version. Do not use unsupported versions.
Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Daily backups of important new/changed data, software, and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually, and when IT infrastructure changes.
Intrix Cyber Security is proud to be an official partner with the Australian Cyber Security Centre.
Contact us today and let Intrix Cyber Security provide you with a comprehensive report detailing your organisation’s Essential 8 maturity level.