Essential Eight Explained: Key Strategies for Cyber Resilience

With the growing frequency and sophistication of cyber incidents, the importance of robust cyber security measures cannot be overstated. The Essential Eight (E8) Cyber Security model, developed by the Australian Cyber Security Centre (ACSC), comprises the eight essential strategies from the ACSC’s Top 37 Strategies to mitigate cyber security incidents. In the following discussion, we explore the Essential Eight, providing a deeper understanding of how it can strengthen your organisation’s cyber defences.

What is the Essential Eight and its purpose?

The Essential Eight is a set of cyber security strategies designed to provide a baseline defence against a wide array of cyber threats. Its primary goal is to make it harder for adversaries to compromise systems, ensuring organisational resilience. This model is not just for government agencies or large corporations. It is equally relevant for small and medium-sized enterprises seeking to enhance their cyber security posture.

Maturity Level 1 (ML1): Cyber Hygiene

At this foundational level, the focus is on establishing fundamental security practices. Assuming very little already exists, organisations seeking ML1 will face capital-intensive activities across Multi-factor Authentication (MFA), backups, and application controls. However, these yield some of the larger cyber security improvements. At ML1, it is important to engage with all areas of the organisation to minimise user impact. We regularly see the disabling of Office macros interrupt existing systems and processes that rely on them.

At ML1, organisations will benefit from:

  • Application Control: Basic whitelisting of approved software.
  • Patch Applications and Operating Systems: Regular updates of essential software and systems.
  • Microsoft Office Macro Settings: Macros disabled for untrusted sources.
  • User Application Hardening: Basic browser security and disabling unneeded features.
  • Restrict Administrative Privileges: Minimum necessary privileges for tasks.
  • Multi-factor Authentication: Basic implementation for critical roles.
  • Daily Backups: Regular backup of essential data.

Essential 8 Assessment by SOCO - Maturity Level 1 results

Maturity Level 2: Increasing Resilience

Here, organisations build upon the basic practices, introducing more robust and comprehensive security measures. Organisations can leverage their initial investment from ML1 to reach ML2, but additional costs will likely be incurred. These may include introducing centralised logging and the timely review of the security events that logging produces.

At ML2, organisations will benefit from:

  • Application Control: More comprehensive application whitelisting.
  • Patch Applications and Operating Systems: Quicker implementation of critical updates.
  • Microsoft Office Macro Settings: Fine-tuned macro controls and user education.
  • User Application Hardening: Advanced configurations and user training.
  • Restrict Administrative Privileges: More rigorous control and monitoring of privileges.
  • Multi-factor Authentication: Expanded use across more systems and users.
  • Daily Backups: More frequent and comprehensive data backup strategies.

Essential 8 Assessment by SOCO - Maturity Level 2 results

Maturity Level 3: Advanced Cyber Threat Preparedness

This level is for organisations at high risk or with very sensitive data and offers the ACSC’s top mitigation strategies. Incorporating all of ASD’s E8 guidance requires a significant financial commitment; however, once implemented, it will drastically decrease the organisation’s cyber security risk profile.

At ML3, organisations will benefit from:

  • Application Control: Dynamic and context-aware application controls.
  • Patch Applications and Operating Systems: Automated, real-time patch management.
  • Microsoft Office Macro Settings: Advanced threat detection mechanisms for macros.
  • User Application Hardening: Continuous monitoring and adaptive security configurations.
  • Restrict Administrative Privileges: Sophisticated access controls and ongoing auditing.
  • Multi-factor Authentication: Advanced solutions like biometrics or behavioural analytics.
  • Daily Backups: Comprehensive, encrypted, and redundant backup systems.

Essential 8 Assessment by SOCO - Maturity Level 3 results

Each maturity level in the Essential Eight model represents a step up in terms of technical complexity, financial investment, and ability to mitigate cyber security threats. Organisations should assess their specific security needs and resource availability to determine the most appropriate level to aim for. This structured approach allows for a gradual enhancement of cyber security capabilities, aligning with the organisation’s growth and evolving risk landscape.
