Cyber Security Compliance - The Essential Eight

A recent ruling by the Federal Court of Australia is an important one for cyber security standards across Australian organisations. The ruling declared that financial services licensee RI Advice has "breached its legal obligation to have adequate cybersecurity systems in place". The ruling appears to have set a new precedent for cyber security in Australia. With organisations scrambling to avoid the same fate as RI Advice, both industry leaders and stakeholders are looking for guidance on the matter.

With old standards now insufficient, the Australian Cyber Security Centre (ACSC) are labelling the ‘Essential Eight’ “the most effective” of their mitigation strategies. With so strong a statement, it’s no wonder that the strategy has captured industry attention.

Recommendations are swiftly being made for all Australian Financial Services Licence (AFSL) holders to implement the Essential Eight Maturity Model as a baseline for their cyber security strategy. With such strong development options associated with the framework, organisations are viewing it as a way to efficiently tick their cyber security boxes, while still allowing space for future enhancements.

With this, it’s time to examine what exactly the Essential Eight strategy involves and what it means for your organisation:

What is the Essential Eight?

The Essential Eight is a set of mitigation strategies recommended by the Australian Cyber Security Centre (ACSC) to improve an organisation’s odds of withstanding a cyberattack. The strategies included in the Essential Eight act as a baseline for each organisation to build upon based on their own needs.  

No set of mitigation strategies can claim to be impenetrable against cyber attacks. However, the Essential Eight acts as an effective way to significantly reduce the probability of a successful attack. In closely following the model set out by the ACSC, organisations can feel more confident in their systems. The Essential Eight is one of the best tools you can have in protecting your organisation from outside interference.

The Essential Eight was primarily designed to protect Microsoft Windows-based networks. However, it can be adapted to suit other cloud services or operating systems under expert guidance. 

The Essential Eight strategy targets eight core areas. These include:

  1. Application control

  2. Patch applications

  3. Configure Microsoft Office macro settings

  4. User application hardening

  5. Restrict administrative privileges

  6. Patch operating systems 

  7. Multi-factor authentication

  8. Regular backups 


Why does my organisation need the Essential Eight?