How the Essential Eight Maturity Model Changes Affect Your Business

Written by Zarbtech

07 December 2023
Ensure Your Company Remains Up-to-Date in the Face of Changing Threats

The Australian Cyber Security Centre (ACSC) has recently updated the Essential Eight Maturity Model, which provides guidance on how to implement the Essential Eight cyber security strategies to mitigate cyber security incidents. The Essential Eight are a set of best practices that aim to reduce the risk of cyber-attacks and minimise the impact of successful breaches.

The Essential Eight Maturity Model changes introduce some new requirements and recommendations for each of the eight strategies, as well as a revised scoring system to measure the maturity level of an organisation’s cyber security posture. The changes reflect the evolving threat landscape and the need for organisations to adopt a proactive and adaptive approach to cyber security.

We will discuss the main changes to the Essential Eight Maturity Model and how they affect your business. We will also explain how using a Managed Service Provider can help you achieve and maintain the highest level of cyber security maturity, by providing you with expert advice and support.

What are the main changes to the Essential Eight Maturity Model?

The Essential Eight Maturity Model changes affect all eight strategies, but some of them have more significant updates than others. Here are some of the key changes that you should be aware of:

  • Application control: The new maturity model requires organisations to prevent the execution of unapproved or malicious applications on all workstations, servers, and mobile devices, not just those that are exposed to the internet or have a higher risk profile. This means that organisations need to implement a whitelist of approved applications and block all others, using tools such as Microsoft AppLocker or Windows Defender Application Control.
  • Patch management: The new maturity model recommends that organisations apply security patches to applications within two days of release, instead of 48 hours as previously suggested. This is to reduce the window of opportunity for attackers to exploit known vulnerabilities. Additionally, the new maturity model requires organisations to apply security patches to operating systems within seven days of release, instead of one month as previously suggested.
  • Multi-factor authentication: The new maturity model requires organisations to enable multi-factor authentication (MFA) for all privileged accounts, not just those that can access sensitive or critical data. This is to prevent attackers from gaining access to administrative or system-level functions that could compromise the entire network. Furthermore, the new maturity model recommends organisations enable MFA for all user accounts, not just those that can access sensitive or critical data.
  • Daily backups: The new maturity model requires organisations to test the restoration of backups at least annually, instead of quarterly as previously suggested. This is to ensure that backups are reliable and can be used to recover data in the event of a ransomware attack or other disaster. Additionally, the new maturity model recommends organisations store backups offline or in a separate network, not just in a different location as previously suggested.

How do the Essential Eight Maturity Model changes affect your business?

The Essential Eight Maturity Model changes affect your business in several ways. Firstly, they increase the level of cyber security that you need to achieve and maintain, which may require you to invest more time, money, and resources. Secondly, they provide you with a clearer and more consistent framework to measure and improve your cyber security maturity, which may help you to identify and address any gaps or weaknesses. Thirdly, they align your cyber security practices with the latest standards and best practices, which may enhance your reputation and trustworthiness among your customers, partners, and regulators.

The Essential Eight Maturity Model changes do not change the overarching principles that we have discussed in our previous posts, such as "Are you Essential Eight compliant?" and "Have the recent Cybersecurity incidents in the news left you worried about the safety of your business?" Rather, they update and refine the specific recommendations and requirements that you need to follow to implement the Essential Eight effectively and efficiently.

How can an IT partner help you with the Essential Eight Maturity Model changes?

A trusted IT partner can help you with the Essential Eight Maturity Model changes, bringing the expertise and experience to help you assess your current cyber security maturity level, identify and prioritise the areas that need improvement, and implement the necessary changes to achieve and maintain the highest level of cyber security maturity.

Zarbtech is more than just an IT service provider. We are your IT partner that keeps up to date with the latest changes and trends in cyber security and ensures that your business is always operating on the latest recommendations. We are committed to helping you protect your data, your reputation, and your bottom line.

Contact us today to find out how we can help you with the Essential Eight Maturity Model changes and other cyber security needs.

Empower Your Business With the Right IT Support

We’ll look after you. For reliable and affordable IT services, get in touch with the team at Zarbtech today by calling 1300 049 059 or leaving your details here.
