The Essential Eight, what it means to your business plus a bold prediction

The Essential Eight is a set of mitigation strategies developed by the Australian Cyber Security Centre (ACSC) and designed to improve the cyber security posture of Australian businesses. The overarching goal of the Essential Eight is to make it much harder for your I.T. systems to be compromised. The eight areas of interest are:

  • application control
  • patch applications
  • configure Microsoft Office macro settings
  • user application hardening
  • restrict administrative privileges
  • patch operating systems
  • multi-factor authentication
  • regular backups

The general idea is that organisations are rated on a scale, known as a ‘maturity model’, to determine what cyber security strategies they have in place in relation to each of the eight areas defined above. Sounds like fun, right?

There are four maturity levels for each item. Maturity level zero just means it hasn’t been formally assessed yet, whereas levels 1, 2 and 3 offer increasing levels of protection or ‘system hardening’. Achieving maturity level 1 in most areas is relatively straightforward; in fact, most of our MSP clients already meet the requirements to achieve a maturity rating of at least 1.

If you want to learn more about the Essential Eight start here.

Right now, as far as I know, there is no requirement for any business in Australia to comply with any of the Essential Eight. I’m sure there would be private agreements that reference it already, but nothing written into law.

I promised you a bold prediction and here it is: I think we are going to start seeing a mandated requirement for Essential Eight compliance in the not-too-distant future. It will start with very specific types of businesses at first; for example, the federal government might require all tax agents who have online access to their clients’ data to be assessed for their Essential Eight maturity and maintain a particular maturity level. Businesses which operate trust accounts such as conveyancing, law firms and real estate agents will probably be next in line, as will I.T. service providers like us. This will probably flow through to private business agreements as well and might even become a selling point – “Come do business with us, we’re Essential Eight certified!”.

Very big businesses such as banks and government departments are already implementing the Essential Eight and I wouldn’t be at all surprised if big businesses over a certain turnover threshold are mandated to be Essential Eight compliant no matter what industry they are in.

We all know the wheels of government turn slowly but I think these changes are probably only a few years away at most.

If you would like to know how your business stacks up against the Essential Eight maturity model and what can be done to improve your cyber security posture let us know.
