These strategies have meant IT departments are trying to solve new issues, or find better ways to approach the risks associated with remote working. To assist IT professionals in these unprecedented times, the Australian Cyber Security Centre (ACSC) has developed and recommended a risk management framework for all businesses to incorporate into their cyber security strategies.
What are the Essential Eight?
The Essential Eight are mitigation strategies designed by the ACSC to help organisations mitigate or prevent cybersecurity incidents.
Together, they target the three key areas of cyber security:
- Preventing attacks
- Limiting the extent and impact of attacks
- Data recovery and system availability
The Essential Eight are:
The level of control and constraints you have over users’ applications.
Refers explicitly to updating third-party applications. It focuses on applying security updates and patches as quickly as feasible.
This refers to the amount of freedom your users have to run macros in Microsoft Office applications.
Refers to the limitations in place on users’ applications. For example, ads should not be processed from web browsers and users should not be able to change these settings.
Place limits on access to systems and applications, meaning only privileged users will have Admin rights.
To ensure that OS patches, updates, and security mitigations for internet-facing services are applied within two weeks of release – or within 48 hours if an exploit exists.
This section involves enforcing MFA for all privileged access. Maturity starts by enforcing MFA for all users before they access internet-facing services and third-party providers.
ensuring critical systems and information is securely backed up and readily available.
It’s important for cyber security strategies to include the Essential Eight because they mitigate about 85% of all targeted cyber-attacks.
How can you include them in your security strategy?
A comprehensive set of security services designed to secure and protect your environment is crucial. SASE lays the foundation to implement controls identified in the Essential 8.
Secure Access Service Edge (SASE) is a cloud-based model that enables organisations to apply network and security features, in a distributed environment, without disrupting application performance or the end-user experience.
Considering the adaptive nature of cyber attacks and how quickly new developments are needing to be adopted, having a simple solution that is designed for scalability is worth adopting.
SASE allows you to:
- Move access control closer to where it’s needed — the user and the cloud edge. Having this capability will make implementing and changing the User application hardening and Application control mitigation strategies easier to manage for your IT department.
- Reduce complexity and consolidate security functions in an efficient as-a-service model. Will cut down on the number of Multi-factor authentication (MFA) tools and applications needed, which will make life easier, without sacrificing control.
- Make your business more agile in a constantly changing world. The need to be agile and adaptive has never been so clear. The benefits of having a solution that “moves” with you is critical.
- Simplify deployment, management, and policy enforcement across all environments. This means it’ll be a snap to make adjustments to Patch applications, Configuring Microsoft Office macro settings and Patch operating systems mitigation strategies.
While the cost or time to implement a new solution might feel overwhelming for businesses, using a solution like SASE is ideal as it can be implemented in stages to minimise disruption to your services. Ensure you take the time to find a provider who can tailor your solution and manage the implementation in a way that works for your business.
Nexon has partnered with leading technology providers such as Cisco to deliver SASE solutions, tailored to meet your business needs. Click here to learn more.