Blog

Adopt the Essential 8 (ASD l ASC) as part of your cyber security strategy.

Share
Share
Share on facebook
Share on linkedin
blog_essential_8_cybersecurity_strategies_v1

These strategies have meant IT departments are trying to solve new issues, or find better ways to approach the risks associated with remote working. To assist IT professionals in these unprecedented times, the Australian Cyber Security Centre (ACSC) has developed and recommended a risk management framework for all businesses to incorporate into their cyber security strategies.

What are the Essential Eight?

The Essential Eight are mitigation strategies designed by the ACSC to help organisations mitigate or prevent cybersecurity incidents.

Together, they target the three key areas of cyber security:

  • Preventing attacks
  • Limiting the extent and impact of attacks
  • Data recovery and system availability


The Essential Eight are:

Application controlsApplication Control
The level of control and constraints you have over users’ applications.
Patch applicationsPatch Applications
Refers explicitly to updating third-party applications. It focuses on applying security updates and patches as quickly as feasible.
Configure Microsoft Office Macro Settings
This refers to the amount of freedom your users have to run macros in Microsoft Office applications.
User Application HardeningUser Application Hardening
Refers to the limitations in place on users’ applications. For example, ads should not be processed from web browsers and users should not be able to change these settings.
User Application HardeningRestrict Administrative Privileges
Place limits on access to systems and applications, meaning only privileged users will have Admin rights.
User Application HardeningPatch Operating Systems
To ensure that OS patches, updates, and security mitigations for internet-facing services are applied within two weeks of release – or within 48 hours if an exploit exists.
Multi Factor AuthenticationMulti-Factor Authentication (MFA)
This section involves enforcing MFA for all privileged access. Maturity starts by enforcing MFA for all users before they access internet-facing services and third-party providers.
User Application HardeningDaily Backups
ensuring critical systems and information is securely backed up and readily available.

 

It’s important for cyber security strategies to include the Essential Eight because they mitigate about 85% of all targeted cyber-attacks.

 

How can you include them in your security strategy?

A comprehensive set of security services designed to secure and protect your environment is crucial. SASE lays the foundation to implement controls identified in the Essential 8.

Secure Access Service Edge (SASE) is a cloud-based model that enables organisations to apply network and security features, in a distributed environment, without disrupting application performance or the end-user experience.

Considering the adaptive nature of cyber attacks and how quickly new developments are needing to be adopted, having a simple solution that is designed for scalability is worth adopting.

SASE allows you to:

  • Move access control closer to where it’s needed — the user and the cloud edge. Having this capability will make implementing and changing the User application hardening and Application control mitigation strategies easier to manage for your IT department.
  • Reduce complexity and consolidate security functions in an efficient as-a-service model. Will cut down on the number of Multi-factor authentication (MFA) tools and applications needed, which will make life easier, without sacrificing control.
  • Make your business more agile in a constantly changing world. The need to be agile and adaptive has never been so clear. The benefits of having a solution that “moves” with you is critical.
  • Simplify deployment, management, and policy enforcement across all environments. This means it’ll be a snap to make adjustments to Patch applications, Configuring Microsoft Office macro settings and Patch operating systems mitigation strategies.

While the cost or time to implement a new solution might feel overwhelming for businesses, using a solution like SASE is ideal as it can be implemented in stages to minimise disruption to your services. Ensure you take the time to find a provider who can tailor your solution and manage the implementation in a way that works for your business.

Nexon has partnered with leading technology providers such as Cisco to deliver SASE solutions, tailored to meet your business needs. Click here to learn more.

Related articles

6th May, 2022 | Nexon Asia Pacific
Innovation and agility will be your secret weapon in 2022
In the latest budget announcements, the Australian government announced plans to bolster cyber security investments to accelerate digital programs and prioritise relief to support cyber spending. This move highlighted the critical nature of our threat landscape and the need to build a cyber security workforce to minimise and mitigate cyber threats nationally. The question remains, […]
2 minutes
4th May, 2022 | Nexon Asia Pacific
Why Analytics and AI are essential and valuable to your organisation
Analytics and AI have become a significant area for businesses in recent years with an IDC research reporting that Australian organisations “will spend $2 billion on artificial intelligence systems by the end of 2022”, the research also predicted that investments in AI by Australian organisations “will continue beyond 2022, and AI spending will reach more […]
3 minutes
11th April, 2022 | Nexon Asia Pacific
Drive meaningful interactions and improve user experience
As the world rapidly changes, so does technology and customer expectations. In an ever-evolving reality where everyone seems to be going in the fast lane, organisations need to follow suit and invest in technology that improves interactions with customers, as well as delivers impactful experiences for employees and stakeholders. When the subject is virtual agents […]
3 minutes

Whitepaper

Expert strategies for tackling 2021’s cyber security norms

nexon-cybersecurity-ebook@1x 1