Cybersecurity can be a scary topic. With increasing cybercrime reports year after year and the recent media coverage of companies that have experienced breaches, worrying about the safety of your own business is a perfectly normal reaction.
Thankfully, the Australian Cyber Security Centre has provided all Australian businesses with a list of the most effective mitigation strategies for Microsoft Windows-based internet-connected networks. These are known as the Essential 8
This list of 8 strategies, which are then categorised into 4 levels of maturity provides you with an understanding of the current security posture of your business, as well as a goal to work towards to increase your security positioning.
The Essential 8 Mitigation Strategies
- Application control
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Regular backups
The Essential 8 Maturity Levels
Maturity Level Zero
This maturity level signifies that there are weaknesses in an organisation’s overall cyber security posture. When exploited, these weaknesses could facilitate the compromise of the confidentiality of their data, or the integrity or availability of their systems and data.
Maturity Level One
The focus of this maturity level is adversaries who are content to simply leverage commodity tradecraft that is widely available in order to gain access to, and likely control of, systems.
Generally, adversaries are looking for any victim rather than a specific victim and will opportunistically seek common weaknesses in many targets rather than investing heavily in gaining access to a specific target.
Maturity Level Two
The focus of this maturity level is adversaries operating with a modest step-up in capability from the previous maturity level. These adversaries are willing to invest more time in a target and, perhaps more importantly, in the effectiveness of their tools.
Generally, adversaries are likely to be more selective in their targeting but still somewhat conservative in the time, money and effort they may invest in a target.
Maturity Level Three
The focus of this maturity level is adversaries who are more adaptive and much less reliant on public tools and techniques. These adversaries are able to exploit the opportunities provided by weaknesses in their target’s cyber security posture, such as the existence of older software or inadequate logging and monitoring. Adversaries do this to not only extend their access once initial access has been gained to a target, but to evade detection and solidify their presence. Adversaries make swift use of exploits when they become publicly available as well as other tradecraft that can improve their chance of success.
Generally, adversaries may be more focused on particular targets and, more importantly, are willing and able to invest some effort into circumventing the idiosyncrasies and particular policy and technical security controls implemented by their targets.
Information from (2022). Essential Eight Maturity Model. The Australian Cyber Security Centre (ACSC). https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model
How we can help
While no strategy that will ever guarantee protection from all cyber threats, increasing your maturity level within these Essential 8 areas is a great place to start.
The Zarbtech Team can help you work through the process by partnering with you to:
- Identify the correct target Maturity Level for your business
- Assess your current Maturity Level
- Provide recommendations to achieve your desired Maturity Level
- Implement recommended Mitigation Strategies
- Enhance your Security Posture above these Essential 8 areas for a more robust Cybersecurity Strategy
If you are ready to take your worries and turn them into an actionable plan to reduce your risk our Team are ready to help
