More and more we are being approached by our customers, enquiring about the Essential Eight. An interesting observation is that many companies are driven to comply to their customers and partners rather than the improvement of their ICT security. There seems to be an assumption amongst many businesses that their investment in security products must be resulting in ticks in all the right boxes.
I am reminded of the Conscious Competence model, which is a prescribed way to attempt to identify what you don’t know, so that you don’t fall into the trap of overconfidence. After some recent assessments on some of our customers, they were shocked to see how few areas they actually complied with.
The Essential Eight is a framework designed to provide Australian businesses a strategy for defending against cyber threats. Developed by the Australian Cyber Security Centre (ACSC) it was built using the most relevant information and observations from other publications, such as the Information Security Manual (ISM) and National Institute of Standards and Technology (NIST) risk management framework.
It is broken into eight strategic areas, with three levels of maturity. The eight areas are — Application Control, Application Patching, Macro Settings, Application Hardening, Administrative Privilege Restrictions, OS patching, Multi-Factor Authentication, and Regular Backups.
Its goal is to address cyber risk, improve compliance, demonstrate commitment to security, and protect against financial and operational impact. Studies have shown that implementing the Essential Eight can reduce the likelihood of a successful cyber attack by up to 85%.
Correct! As you continue along your cyber security journey you are bound to find that there is no single answer for everyone. The Essential Eight is a baseline security strategy that is relevant for the majority of organisations, however you will still need to consider your specific needs and supplement it if you have other compliances that you must meet. For example, PCI-DSS for credit card transactions, or ISO27001 for storage of sensitive customer data.
The Essential Eight is primarily designed to protect Windows-based internet-connected networks, but the principles may be applied to other environments such as Linux workstations and servers, cloud computing or enterprise mobility.
The answer to that is a resounding… probably. There are not too many organisations that are not using internet-connected Windows-based IT systems and you are unlikely to be an exception.
Reach out to your Account Manager who can put you in contact with our security consultants to work out what is the most appropriate approach for your business. We provide assessments, consultative workshops, and implementation services.
Alternatively, you can contact Jasco on 1300 052 726 or at Sales@jasco.net.au
The difference between managed services and traditional ICT support is comparable to the difference between having a doctor monitoring your health and buying a box of bandages.
We pride ourselves in our industry knowledge and would love to share it with you. Sign up to our newsletter for all the latest in IT.