Skip to content

Southern Cyber

What is the Essential 8?

The Essential 8 is a risk management framework, developed by the Australian Cyber Security Centre (ACSC) designed to help businesses tackle key security concerns. The Essential 8 is made up of eight crucial mitigation strategies.

Prevent Attacks

Application Whitelisting

Only allow approved applications to run on systems to prevent the execution of malicious or unauthorised software.

Patch Applications

Keep software applications up to date with the latest security patches to minimise vulnerabilities that could be exploited by attackers.

Configure Microsoft Office Macro Settings

Disable or restrict the use of Microsoft Office macros, which are commonly abused by attackers to deliver malware.

User Application Hardening

Configure web browsers and email clients to block or warn against potentially malicious websites, attachments, and scripts.

Recovers Data & System Availability

Restrict Administrative Privileges

Limit administrative privileges to only authorised users who need them, reducing the potential impact of compromised accounts.

Patch Operating Systems

Regularly apply security patches and updates to operating systems to address known vulnerabilities.

Multi-Factor Authentication (MFA)

Require the use of MFA for accessing sensitive systems and information to add an extra layer of security beyond passwords.

Limits Extent of Attacks

Daily Backups

Regularly back up important data and verify the integrity of backups to ensure critical information can be restored in the event of data loss or ransomware attacks

The Essential 8 is made up of eight crucial mitigation strategies. These strategies are designed address the most common types of cyber attacks and provide to a baseline level of security for organisations.The Essential Eight is not meant to be an exhaustive list of all possible security measures, but rather a prioritised set of strategies that can be implemented to improve an organisation’s cyber resilience.

Essential Eight Maturity Level

The Essential Eight Maturity Model is designed to assist organisations to implement the Essential Eight in a graduated manner based upon different levels of adversary tradecraft and targeting.
The different maturity levels can also be used to provide a high-level indication of an organisation’s cyber security maturity.

Not aligned with the mitigation strategy (no compliance)

This maturity level signifies that there are weaknesses in an organisation’s overall cyber security posture. When exploited, these weaknesses could facilitate the compromise of the confidentiality of their data, or the integrity or availability of their systems and data, as described by the tradecraft and targeting in Maturity Level One below.

Partly aligned with the mitigation strategy (low compliance)

The focus of this maturity level is adversaries who are content to simply leverage commodity tradecraft that is widely available in order to gain access to, and likely control of, systems. For example, adversaries opportunistically using a publicly-available exploit for a security vulnerability in an internet-facing service which had not been patched, or authenticating to an internet-facing service using credentials that were stolen, reused, brute forced or guessed.
Read more
Generally, adversaries are looking for any victim rather than a specific victim and will opportunistically seek common weaknesses in many targets rather than investing heavily in gaining access to a specific target. Adversaries will employ common social engineering techniques to trick users into weakening the security of a system and launch malicious applications, for example via Microsoft Office macros. If the account that an adversary compromises has special privileges they will seek to exploit it. Depending on their intent, adversaries may also destroy data (including backups).

Mostly aligned with the mitigation strategy (medium compliance)

The focus of this maturity level is adversaries operating with a modest step-up in capability from the previous maturity level. These adversaries are willing to invest more time in a target and, perhaps more importantly, in the effectiveness of their tools. For example, these adversaries will likely employ well-known tradecraft in order to better attempt to bypass security controls implemented by a target and evade detection. This includes actively targeting credentials using phishing and employing technical and social engineering techniques to circumvent weak multi-factor authentication.
Read more
Generally, adversaries are likely to be more selective in their targeting but still somewhat conservative in the time, money and effort they may invest in a target. Adversaries will likely invest time to ensure their phishing is effective and employ common social engineering techniques to trick users to weaken the security of a system and launch malicious applications, for example via Microsoft Office macros. If the account that an adversary compromises has special privileges, they will seek to exploit it, otherwise they will seek accounts with special privileges. Depending on their intent, adversaries may also destroy all data (including backups) accessible to an account with special privileges.

Fully aligned (highly protected) (high compliance)

The focus of this maturity level is adversaries who are more adaptive and much less reliant on public tools and techniques. These adversaries are able to exploit the opportunities provided by weaknesses in their target’s cyber security posture, such as the existence of older software or inadequate logging and monitoring. Adversaries do this to not only extend their access once initial access has been gained to a target, but to evade detection and solidify their presence. Adversaries make swift use of exploits when they become publicly available as well as other tradecraft that can improve their chance of success.
Read more
Generally, adversaries may be more focused on particular targets and, more importantly, are willing and able to invest some effort into circumventing the idiosyncrasies and particular policy and technical security controls implemented by their targets. For example, this includes social engineering a user to not only open a malicious document but also to unknowingly assist in bypassing security controls. This can also include circumventing stronger multi-factor authentication by stealing authentication token values to impersonate a user. Once a foothold is gained on a system, adversaries will seek to gain privileged credentials or password hashes, pivot to other parts of a network, and cover their tracks. Depending on their intent, adversaries may also destroy all data (including backups).

Our highly skilled security experts can work with you and your team to identify the gaps in your business’s IT operations via an internal audit against the Essential Eight Framework.

Once the gaps have been identified we can then deliver a tailored plan for an alignment that fits your budget as well as business requirements.

Contact us






    Tel: 1300 080 002

    Level 7, 115 King William Street, Adelaide SA 5000