Important first steps to protect you from cyber attacks and ransomware
The Essential Eight is a framework and set of recommendations created by the Australian Cyber Security Centre of the Australian Signals Directorate to help improve your readiness and preparation in the event of a cyber attack.
By prioritising the eight most basic mitigation strategies, the ACSC hopes to help organisations protect themselves and avoid disastrous outcomes caused by hacking and cyber attacks. Implementing the Essential Eight now also saves you the pain, time and money of responding to a major cybersecurity incident on your own.
It is likely that soon all organisations in Australia will be required to disclose their Essential Eight Maturity Level and demonstrate compliance with these most basic preventative measures. Wherever you are in your cyber security journey — whether you are sophisticated and experienced, or just starting out — we can help you level up and improve your security posture.
A simple list to help you implement the Essential Eight correctly
dangerous
Application Control
Prevent execution of all unapproved and malicious programs, including .exe, DLL, scripts and installers
download_for_offline
Application Patching
Use the latest version of applications and patch all web browsers, Microsoft
Office, Java and PDF viewers. Patch computers
with ‘extreme risk’ vulnerabilities within 48 hours
settings
Microsoft Office Macro Settings
Block macros from the Internet, and only allow vetted macros, either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate
update_disabled
User Application Hardening
Configure web browsers to block Flash, ads and Java. Disable unneeded features in Microsoft Office (e.g. OLE), and in web browsers and PDF viewers.
enhanced_encryption
Restrict Administrative Privileges
Tightly manage privileges and access to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
system_update_alt
Operating System Patching
Patch all computers and network devices with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.
password
Multi-Factor Authentication
Turn on MFA for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important data repository.
checklist
Daily Backup and Recovery Strategy
Perform daily backups of important new/changed data, software and configuration settings. Store backups disconnected from the Internet and retain them for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Your Maturity Level is a combination of how prepared you are to defend yourself and how hackers see you
Level Zero
Level Zero means that there are weaknesses in an organisation’s overall cyber security posture.
Because Level Zero organisations lack dedicated cyber security defences, and do not have internal expertise or outside partners to protect themselves, hackers can easily infiltrate to steal data, or shut down business operations using widely available tools.
All organisations should plan to elevate to Level One as soon as possible.
Level One
Level One organisations have basic protection in place to guard against untargeted attacks made by hackers using widely available commodity tradecraft.
Level One organisations have no reason to expect to be targeted by hackers and are mostly swept up in larger-scale, opportunistic attacks that go after a group of organisations using publicly-available exploits to gain control of internal systems.
Many organisations mistakenly see themselves as Level One, but are in fact highly targeted because of the industry they belong too.
layers
Level Two
Level Two organisations generally have more sophisticated internal capabilities and external vendor and partner support due to their awareness of their increased desirability among hackers.
At Level Two, hackers are willing to invest some time and money on actively targeting the organisation through phishing and social engineering to bypass multi-factor authentication.
Users with elevated privileges within Level Three organisations are often singled out and targeted by hackers who attempt to trick them into launching malicious applications that further weaken the cyber defences of the organisation, allowing full access to internal systems for a long period of time.
dynamic_feed
Level Three
Level Three organisations tend to be large and more mature and may have a robust internal Blue Team as well as an array of external vendors and partners logging, monitoring and patching security systems on a regular basis.
Hackers attacking Level Three organisations will invest significant time and money to perform research on the organisation’s defences. They will attempt to gain long-term access to internal systems and will often continually adapt their approach to find multiple weaknesses in the organisations’s defences — all while evading detection.
It is common for hackers at this level to use custom tools that are not publicly available, making them much harder to detect and guard against through simple patching.
