JuiceIT 2024 Guest Blog – The Australian Signals Directorate (ASD) has put together a list of strategies to help organisations prioritise ways to mitigate cyber threats. The most important of these are the Essential Eight.
While this is a great starting point for businesses and industries hoping to protect their infrastructure and data, the Essential Eight protocols were not designed with modern IT in mind — for distributed workforces, cloud and Software
–as –a –Service (SaaS) applications, and the infrastructure to support ever-growing volumes of data.
In its own documentation, the Australian Cyber Security Centre (ACSC) highlights that the Essential Eight are “minimum” requirements. It also recommends that organisations can and should spend the time and resources expanding their security, DR, and cyber recovery plans to include additional measures and controls to minimise cyber threats.
There is no formal certification process, but the ACSC does recommend turning to independent parties or consultants to assess an organisation’s risk and recovery readiness.
When building out your plan, be sure to look at these five key areas.
Developing your security defences will provide an organisational understanding to manage cyber security risk to systems, people, assets, data, and capabilities. This means you need to list all your company’s assets and what needs to be protected.
Ensuring that your organisation has multi-layered defences that protect people, processes, and your entire IT infrastructure is essential to your organisational security.
This area helps to define the appropriate activities your organisation needs to identify when a cyber security event happens. With the right tools and processes in place, you can discover a breach quickly and mitigate it as best as possible.
It’s important to prepare for the worst and define the activities that must take place after you’ve detected a cyber security incident. This also includes the ability to contain the impact and communicate details to relevant stakeholders.
If and when that dreadful moment occurs, and your organisation finds itself in the midst of an attack, you will want to have already developed and implemented set plans, processes, and procedures for recovery and full restoration. These recovery processes and procedures are then executed and maintained to ensure timely restoration of systems or assets affected by cyber security incidents.
It’s clear that there are a lot of people, processes, and technologies needed to provide multi-layered security that addresses all of your organisation’s cyber defence needs. Many organisations will not be able to create this multi-levelled approach, whether due to financial constraints or limitations on their ability to hire the right talent.
Regardless of where you fall in your cyber planning, Data#3 and 11:11 Systems can help. We provide managed security services, as well as Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) to address many of the controls in the Essential Eight and beyond. In addition, if you’re struggling with knowing where to start, 11:11 Systems Consulting Services team can provide expert advice for your cyber recovery planning.
11:11 Systems (“11:11”) is a managed infrastructure solutions provider that holistically addresses the challenges of next-generation managed cloud, connectivity and security requirements. www.1111systems.com
You can also hear more from 11:11 systems at JuiceIT 2024, Australia’s largest IT Solutions and Services conference. Register here.