Mitigation strategies for cyber-attacks: Essential 8 for NFPs

Mitigation strategies for cyber-attacks: Essential 8 for NFPs

As with all businesses, cyber security has become top of mind for Australian not-for-profits (NFPs) looking to adequately protect their organisation. If you are considering mitigation strategies for cyber-attacks, then it is likely you have come across the Australian cybersecurity Essential 8 framework (also known as the Australian Signals Directorate (ASD) Essential 8 controls). And if you haven’t, it is time that you did.

According to recent overseas research a quarter of UK charities report having cyber security breaches over the last 12-month period. On Australian shores, NFPs are facing a similar situation. Exacerbated by the coronavirus pandemic, during the 2020-2021 financial year, the Australian Cyber Security Centre (ACSC) observed more than 67,500 cybercrime reports (an increase of 13% on the previous year). This upward trajectory is expected to continue as cyber criminals continue to become more savvy and more aggressive in seeking out an organisation’s vulnerabilities.

The pandemic has escalated the need for mitigation strategies for cyber-attacks. In part due to more aggressive criminals but also because of the added complexity in end point management caused by shifting operating models to accommodate working from home,” says David Sia, CEO, Techware.

Four reasons why all NFPs should embrace the Essential 8 Framework

The Essential 8 ranks organisational maturity across different pillars of security. This then provides a roadmap and plan of what you need to address and maintain moving forward. Many of the steps to take are simple steps such as activating Multi Factor Authentication or turning on specific settings.

Several forward thinking NFPs were prepared but a lot were not. And when the rush to enable work from home occurred, security initially took a backseat. You need to now bring your cyber security to the top of your priorities list. Following the ASD Essential 8 controls is an excellent place to start,” adds David.

Not convinced? Here are four reasons you should embrace the Essential 8 to protect your NFP.

#1 The Essential 8 offers best practice mitigation for cyber attacks

According to David, one of the key attractions of the Essential 8 for NFPs is the fact it is has been tried and tested by government departments. Released in 2016, the Essential 8 Framework was created to standardise cyber security approaches across government departments.

NFP leaders often don’t have time to look at multiple solutions or speak to countless vendors when it comes to IT. They just want a solution that they can trust, implement, and maintain,” says David.

#2 Increased expectation to have appropriate mitigation strategies for cyber-attacks in place

Whilst not mandatory, compliance with the Essential 8 is becoming increasingly expected. During tender processes or funding applications NFP leaders may find themselves being asked to prove they have a robust cybersecurity plan in place.

These questions can come with requests of granular information to prove you are doing more than the bare minimum. Advising that your NFP adheres to the ASD Essential 8 Controls is an appropriate answer that demonstrates you take a proactive approach to your cyber security.

#3 The Essential 8 Framework is constantly evolving and updated to keep your NFP safe

To avoid complacency, the ASD Essential 8 Controls is regularly updated with new criteria and steps for organisations to take.

The criteria are based on maturity levels within different areas, but these do change from time to time. It prohibits you from taking a ‘set and forget’ mentality with your security. It also forces you to dig deeper and ensure you know and understand how your IT and organisation is protected,” explains David.

#4 The Essential 8 is a highly cost-effective mitigation strategy for cyber security attacks

As a budget conscious industry, one key attraction of Essential 8 for NFPs is the cost. Implementing the framework requires specialist skill but does not need major investment.

NFP leaders are budget conscious. They want to commit their funds, wherever possible, to their mission not their IT. Therefore, we are seeing more and more NFPs embrace the Essential 8. It keeps them safe and allows them to focus on their organisational goals,” says David.

Finding specialist support that understands your NFP

If you are not confident or unaware of your cyber security maturity, it is a good indicator that you could do better. To ensure you invest in the right solution, you need to identify a partner with both a deep understanding of NFPs, and proven experience implementing the ASD Essential 8 Controls.

Techware is an IT and cyber security specialist with a wealth of experience working with NFPs.

We work with numerous NFPs, it is an industry we care deeply about and are always keen to support. Our qualified security specialists understand the importance of protecting a not-for-profit organisation and doing so with minimal interruption,” concludes David.

To find out more the ASD Essential 8 Controls, or to speak to a specialist contact Techware today.