Essential Eight services
Improve your organisation’s cyber security posture by adopting the Essential Eight series of mitigations, as recommended by the Australian Cyber Security Centre (ACSC) and required for specific industry sectors.
In Australia, cyber security starts with the Essential Eight
According to the Australian Cyber Security Centre, the average cost associated with cyber crime is the greatest for medium sized organisations. In CyberCX’s experience, this is often due to business growth and corresponding reliance on technology outpacing organisational awareness of cyber security.
Small business – $46,000
Medium business – $97,200
Large business – $71,600
*Average self-reported cost of cyber crime in Australia (ACSC)
By making informed decisions early on about your organisation’s approach to cyber security, you can assure your partners and customers that your technology systems are secure while reducing the chances of falling victim to cyber crime and becoming another statistic.
What is the Essential Eight?
The Essential Eight are a series of mitigations taken from the larger Strategies document that ACSC identify as one of the most effective approaches to making it harder for adversaries to compromise systems.
For many organisations, the Essential Eight represents a no-frills way to establish a robust cyber security baseline and provide insights to prioritise ongoing security investment.
Straightforward and prioritised
Cyber security can be confusing. There’s new terminology, unfamiliar concepts, and endless options and opinions. The Essential Eight cuts through the confusion to provide a focused list of actions that any organisation can use to help better protect their data, systems and people.
Essential 8 Maturity Model
The Essential Eight mitigation strategies are organised according to a corresponding maturity level designed to mitigate increasing levels of threat actor tradecraft. This means you can pick the maturity level that is proportionate to your organisation’s cyber threat profile and invest in stages to achieve your goal.
Contribute to a cyber resilient Australia
The Australian Government is investing heavily to encourage widespread implementation of the Essential Eight across diverse organisations from critical infrastructure to defence to government.
The idea is that a rising tide lifts all boats: the more Australian organisations that have a solid cyber security baseline, the more cyber secure Australia will be as a whole. In fact, the Department of Home Affairs recently released a national strategy for Australia to be a world leader in cyber secure by 2030.
Essential Eight core mitigation strategies
The Essential 8 checklist comprises eight core mitigation strategies which provide the targeted direction necessary to secure your technology where it matters.
Patching applications
Ensure that your applications are securely maintained and that vulnerabilities are mitigated.
Patching operating systems
Ensure that your internet facing services and technology systems are securely maintained and that vulnerabilities are mitigated.
Multi-factor authentication
Protect your users’, employees’ and customers’ accounts from compromise across your business applications.
Restricting administritive privileges
Establish secure approaches to administering and managing your technology environment.
Application control
Prevent malicious software from executing by establishing explicit control over applications and software.
Microsoft Office macro settings
Strengthen Microsoft Office macros to prevent them from being maliciously abused.
Hardening user applications
Protect your end-user systems from exploitation and malware.
Performing regular backups
Ensure that your technology systems can be restored, and your important information recovered in the event of a cyber incident.
Ready to get started?
Find out how CyberCX can help your organisation’s cyber security posture by adopting the Essential Eight.
Trusted cyber security partner to leading Australian organisations.
Why should you consider the Essential Eight?
The Essential Eight is a curated and regularly updated list of cyber security controls based on the Australian Signals Directorate’s (ASD) experience. It was established to help organisations like yours establish effective defences against the cyber threats facing Australian organisations and the incidents they cause. Based on CyberCX’s experience, some of the most common cyber incidents impacting Australian businesses include:
Phishing / Social Engineering
Targeting people to trick them into giving up sensitive information or performing unauthorised actions
Impacts
- Financial losses through unauthorised financial transactions.
- Digital harm to critical technology systems through unauthorised access and compromise of user accounts.
Malware Exploitation and Ransomware
Abusing weaknesses in technology systems to get a foothold and follow-up with malicious activities
Impacts
- Reputational impact through loss of trust and potential negative media reporting.
- Financial losses through business interruptions, ransom payments and/or destruction of systems and information.
- Loss of or inability to recover critical business information or access to technology systems.
Information Loss (aka Data Breach)
Stealing and/or publishing confidential information (including accidentally)
Impacts
- Reputational impact through loss of trust and potential negative media reporting.
- Financial losses through loss of intellectual property and loss of customers.
- Psychological and/or financial harm to individuals affected.
CyberCX Essential Eight services
Tailored Essential Eight services to meet your organisation’s size, needs and budget
Essential Eight Jump-Start
For organisations at ML0 – 1
New to the Essential Eight? We can help you understand how you currently stack up to the maturity model and give you advice and direction on quick wins to increase your cyber security posture where it matters for you.
Essential Eight Assessment
For organisations between ML1 – 3
Have you implemented some controls but you’re not quite sure how well you stack up? Want to gain better insights into your currently maturity level or confirm your mitigation approach? Our security experts will work with you to understand your current environment and determine how your Essential 8 maturity model is working and what can be improved.
Essential Eight Assurance
For organisations at ML3 seeking detailed assurance from an IRAP Assessor
At the end of an implementation or remediation project and want to confirm that what’s been implemented operates as expected? Our security experts will work with you to perform testing to give you assurance that you meet your maturity level.
Need more help to get to your target maturity level? CyberCX’s end-to-end cyber security capabilities across our Cloud and Network Engineering services can help you implement and manage your key security technology solutions.
Ready to get started?
Find out how CyberCX can help your organisation’s cyber security posture by adopting the Essential Eight.
Why partner with CyberCX for your Essential Eight efforts?
End-to-end capability
CyberCX is Australia’s leading cyber security provider with unmatched skill and expertise across all areas of the Essential Eight. Our end-to-end options provide support where and when it is needed.
Experience and expertise
Specialised practitioners across multiple domains associated with Essential Eight, coupled with significant experience in advising, implementing and supporting the maintenance controls.
Trusted partners
CyberCX has assisted dozens of organisations with their Essential Eight journey and associated uplift programs. From discovery to assessment, we join our customers on their Essential Eight journey and help carry the load.
Essential Eight FAQs
Have a question about Essential Eight (E8) not covered here?
Contact our team and we’ll be happy to help.
The Essential Eight mitigation strategies are organised according to a corresponding maturity level designed to mitigate increasing levels of threat actor tradecraft.
This means you can pick the maturity level that is proportionate to your organisation’s cyber threat profile and invest in stages to achieve your goal.
Maturity Level 0
There are weaknesses in the mitigation strategy that make your organisation vulnerable to compromise.
Maturity Level 1
The mitigation strategy provides resilience against threat actors who leverage commodity tradecraft that is widely available.
Maturity Level 2
The mitigation strategy provides resilience against the next level of threat actors who invest more time in targeting, reconnaissance and tool effectiveness.
Maturity Level 3
The mitigation strategy provides resilience against threat actors who focus on specific targets and invest significant time into circumventing security controls.
The Essential Eight comprises eight core mitigation strategies which provide the targeted direction necessary to secure your technology where it matters.
The Essential 8 controls and mitigation strategies are:
- Application control
- Application patching
- Restrict administrative privileges
- Patch operating systems
- Configure Microsoft Office macro settings
- User application hardening
- Multi-factor authentication
- Regular backups
Essential Eight is a series of mitigations, as recommended by the Australian Cyber Security Centre (ACSC) and are required for specific industry sectors.
Ready to get started?
Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.