The Australian Signals Directorate (ASD) recommends eight essential strategies to prevent malware delivery, limit the impact of cybersecurity attacks and improve recovery. Released in 2017, the Essential Eight is an evolution of the ASD’s Top Four recommendations.
The Essential Eight strategies cover:
Implementing systems that minimise the impact of cyber incidents is crucial, but how do you know where your vulnerabilities lie, and which gaps to address first?
It can be hard to find direction and know what best practice looks like when building a security strategy.
As an insider, it can be difficult to assess your environment objectively in order to identify risks. With limited time and resources, knowing where to begin and what to prioritise when building and implementing a security strategy can be challenging.
Threats are also constantly changing; it’s hard to keep up. In fact, 70% of today’s malware is customised to the targeted organisation2.
Pro Tip: Have an external expert assess your environment to understand your security posture.
Many businesses have adopted ‘productised’ security solutions that often overlap with each other or leave gaps in your security stack. These point solutions lack the integration with your broader IT environment to make sure your organisation is secure.
Managing security across many tools creates a complex environment, which only creates more room for error. With so many systems to monitor, it’s hard to notice the red flags amongst the many notifications in order to promptly remediate issues.
Pro Tip: Don’t over-engineer your security strategy – simplicity is the ultimate sophistication.
Customers without a standardised approach to security have a higher risk of attack, increased impact of attack and slower recovery. On average, it takes 281 days for an Australian organisation to identify and contain a breach3.
Breaches can incur financial and legal penalties for non-compliance. The average cost of an Australian data breach is $2.13 million3.
Compromised credentials account for 74% of data breaches, according to the Notifiable Data Breaches Scheme4.
Pro Tip: Standardise your approach to security, to better manage your defensive strategy.
Using the ASD recommendations as a framework, Data#3 has built the Essential Eight Adoption Roadmap to help organisations understand and improve their security posture.
Learn how to leverage your existing Microsoft investment to execute an Essential Eight security strategy.
The Essential Eight Adoption Roadmap is a 5-day engagement, conducted by a Data#3 Information Assurance Specialist, including up to 2 days spent onsite with the customer. The audit will help you understand your current security maturity and defensive posture, in alignment with the ASD Essential Eight.
The engagement will begin with a discovery session to understand your business, technology environment and key objectives. Technical workshops will follow, focusing on application whitelisting, patching applications, patching operating systems, multi-factor authentication, managing administrator rights, daily backups, managing Microsoft Office macros and application hardening.
The Data#3 Information Assurance Specialist will gather data and analyse each of the above factors. Detailed findings will be compiled into a report providing evidence of your current security state, as well as expert recommendations for optimisation. A high-level roadmap will be shared outlining the projects to be undertaken, indicative costs, timelines and the recommended software, hardware and services required. The report will be shared with you for review, followed by a presentation lead by the assessor to discuss your results in-depth.
Combining the experience of a dedicated strategic consulting team, as well as hands-on cybersecurity specialists, Data#3 has one of the most mature and highly accredited security teams in Australia. Leveraging a breadth of security solutions and a strong vendor portfolio Data#3 can help you design, implement and maintain superior security measures, tailormade to protect your business. Having conducted countless security assessments, we have developed a proven model to strengthen resilience, incident response and recovery.
As Microsoft’s largest Australian partner, and a Microsoft Gold Security Partner Data#3’s expert team are globally recognised as leaders in securing your environment with the Microsoft security portfolio.
• Download The ASD Essential Eight Explained eBook to learn more about the strategic controls.
• Download a Solution Overview of the Essential Eight Adoption Roadmap Service.
• Submit the form below to request a sample report of an Essential Eight Adoption Roadmap.
• Contact us below to book an Essential Eight Adoption Roadmap.
1. The Essential Eight expand upon the ‘Top 4’ mitigation strategies, part of the Australian government’s Protective Security Policy Framework. The Australian Signals Directorate have stated that implementing the Top 4 mitigation strategies can prevent up to 85% of unauthorised intrusions.
2. Rainey, Larry B. (September 3, 2018) Engineering Emergence: A Modeling and Simulation Approach. [Online] Available at: https://books.google.com.au/books?d=DQlpDwAAQBAJ&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
3. IBM Security. (2019) Cost of a Data Breach Report. [Online] Available at: https://databreachcalculator.mybluemix.net/executive-summary/4
4. Office of the Australian Information Commissioner. (February 28, 2020) Notifiable Data Breaches Report July – December 2019. [Online] Available at: https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-report-july-december-2019/