For any business keen to shore up their cybersecurity, the ACSC Essential Eight provides a valuable and cost-effective framework. The benefits of the framework were highlighted in our recent blog, Four reasons why all businesses should embrace the ACSC Essential 8 Framework – How robust is your cybersecurity?
But what are the pillars that make up the framework and how can they help you assess your cybersecurity maturity?
According to Techware CEO, and cybersecurity specialist, David Sia, the ACSC Essential 8 provides clarity to businesses on what exact cybersecurity measures they have in place.
“If someone asks you a yes or no question such as ‘do you have backup?’ it doesn’t actually tell you anything. What the Essential 8 does is force you to think about the detail. The rating system effectively shines a light on a job well done, or on an area requiring more attention,” says David.
Understanding the ACSC Essential Eight pillars
To fully grasp the appeal of the Essential Eight for businesses, it helps to understand the pillars and what they mean in everyday terms. At its core, the ACSC Essential 8 is a framework to assess and measure the security maturity of your business IT. The framework consists of eight pillars each offering cyber security mitigation strategies. These are:
• Applications whitelisting
• Patching application
• Microsoft Office macro setting configuration
• Application hardening
• Restriction of admin privileges
• Operating system patching
• Multi Factor Authentication (MFA)
• Daily backups
Within each pillar there are steps to take that help improve your businesses security posture. Some of the ACSC Essential 8 steps are small and fundamental measures. However, when combined with all the other measures, they create a powerful line of defence for your organisation.
Across all pillars there are levels of maturity that impact your benchmark score.
“Each level has defined criteria that need to be met (per pillar) to achieve the maturity. When we start working with a business to roll out the ACSC Essential 8, we do a lot of information gathering first. Then we go through the information provided, validate it, and assess it against the criteria,” says David.
According to David, it is not uncommon for a business owner or the CTO to have ticked the required box at level two, but still have gaps at level one.
“You get a score at each level so there is no way for anything to fall through the cracks. Once collected, this data then creates the base of our recommendations and forms a roadmap to work through and increase security,” adds David.
Scrutiny and standards intensify as more businesses move to the cloud
With the rise in businesses migrating to the cloud, expectations are increasing in relation to their cybersecurity levels. By adopting the ACSC Essential 8, businesses can be satisfied knowing they have a secure system in place to help with defining the maturity of their online security.
“Because it was created by the government, and effectively tested and proven by the government, the ACSC Essential 8 has essentially become the “go to” standard of security. It’s a logical framework for businesses to embrace and one we have seen many organisations have great success with,” explains David.
A multi-layered defence
Now more than ever it is crucial all businesses take their cybersecurity seriously. Installing a security software package and just hoping it works, is not the answer (we talk more about this in the 3rd part of this blog series). To be safe your business should have a dedicated IT team who is monitoring your cybersecurity and acting in a proactive manner. The Essential 8 framework is an additional layer of security to assist your organisation.
“In the past a lot of focus was on protecting the perimeter and blocking bad traffic into the corporate network. The difference now is that where attackers used to target infrastructure, they now have many layers of attack, including social engineering, vulnerability in application and mobile devices. So, all businesses need many layers of defence and that is what the ACSC Essential 8 provides,” says David.
If you want to better understand the security posture of your business and establish a standard to work towards, Techware can help. Contact the team today to find out how you can use the ACSC Essential 8 to strengthen the protection and sustainability of your business.