Essential Eight is what the Australian Signals Directorate is calling their latest set of mitigation strategies.
This latest guidance builds on previous work from the Australian Government, including the highly-regarded ASD Top 4 and awareness campaigns such as Catch, Patch and Match.
Advocating an evidence-based approach to cyber resilience, the ASD claims their Essential Eight can save organisations considerable time, money, effort and reputation damage, particularly when compared to the costs of cleaning up after a compromise. Prevention is always more cost-effective.
What is the Essential Eight?
The Essential Eight isn’t just your normal to-do list of security tasks; more broadly, it sets out a high-level theme of cyber resilience with two areas of concern:
- To prevent malware from running in your environment; and
- To limit the extent of security incidents and be able to recover data.
In a nice touch, each item also comes with an explanation of “why” it is important, a great help for understanding the implications of each step. Here’s the Essential Eight.
To Prevent Malware Running
1. Application Whitelisting – only allowing selected software applications to run on computers. Why? Because this prevents all other software applications, including malware, from running.
2. Patch Applications – patching security vulnerabilities in software applications and keeping them up to date. Why? Because adversaries use well-known exploits in vulnerable software to target computers.
3. Disable Untrusted Microsoft Office Macros – Microsoft Office “macros” can automate tasks, but untrusted ones should be disabled. Why? Macros are well known for being used to download malware.
4. User Application Hardening – various items, such as blocking browser access to Adobe Flash Player, web ads and Java applets. Why? Flash, Java and web ads have been implicated in delivering malware.
To Limit Incidents & Recover Data
5. Restrict Administrative Privileges – using admin privileges only for managing systems, and only for those who need them. Why? These are your ‘keys to the kingdom’; protect them at all cost.
6. Patching Operating Systems – keep your operating systems up to date and fully patched for vulnerabilities. Why? Because adversaries are known to target vulnerable systems.
7. Multi-Factor Authentication – using strong authentication with a second factor, typically a physical token or ‘something you have’. Why? It makes it a lot harder for adversaries to compromise accounts, even if the password is breached.
8. Daily Backup of Important Data – regularly back up all data and store it securely offline. Why? So you can get back the data if you suffer a cyber security incident.
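As an added example (not from the ASD guidance or the original article), here is a small Python posture check that scores a constructed host inventory record against the eight controls and groups any gaps under the two themes above. The inventory field names and the patch-age and backup-age thresholds are assumptions, not values the ASD publishes.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the ASD guidance): a patch older than
# PATCH_MAX_DAYS counts as missing; "daily" backup means at most one day old.
PATCH_MAX_DAYS = 14
BACKUP_MAX_DAYS = 1

@dataclass
class HostPosture:
    # Configuration snapshot of one host, as an inventory tool might report it.
    name: str
    app_whitelisting: bool
    app_patch_age_days: int
    office_macros: str            # "disabled", "trusted_only" or "enabled"
    flash_blocked: bool
    java_blocked: bool
    ads_blocked: bool
    local_admins: frozenset       # accounts holding admin rights on this host
    os_patch_age_days: int
    mfa_enforced: bool
    backup_age_days: int
    backup_offline: bool

def assess(host: HostPosture, approved_admins: frozenset) -> dict:
    # Return {control name: passed} for each of the Essential Eight.
    return {
        "1 Application whitelisting": host.app_whitelisting,
        "2 Patch applications": host.app_patch_age_days <= PATCH_MAX_DAYS,
        "3 Disable untrusted Office macros": host.office_macros != "enabled",
        "4 User application hardening": host.flash_blocked and host.java_blocked and host.ads_blocked,
        "5 Restrict administrative privileges": host.local_admins <= approved_admins,
        "6 Patch operating systems": host.os_patch_age_days <= PATCH_MAX_DAYS,
        "7 Multi-factor authentication": host.mfa_enforced,
        "8 Daily offline backup": host.backup_age_days <= BACKUP_MAX_DAYS and host.backup_offline,
    }

def gaps_by_theme(results: dict) -> dict:
    # Group failed controls under the two themes the Essential Eight is built around.
    failed = [name for name, ok in results.items() if not ok]
    return {
        "prevent_malware_running": [n for n in failed if n[0] in "1234"],
        "limit_incidents_recover_data": [n for n in failed if n[0] in "5678"],
    }

# Constructed sample host: no whitelisting or MFA, macros fully enabled,
# an unapproved local admin, and the last backup three days old.
SAMPLE = HostPosture("ws-finance-07", False, 10, "enabled", True, True, True,
                     frozenset({"DOMAIN\\it-admin", "DOMAIN\\bob"}), 5, False, 3, True)
APPROVED_ADMINS = frozenset({"DOMAIN\\it-admin"})

if __name__ == "__main__":
    for theme, names in gaps_by_theme(assess(SAMPLE, APPROVED_ADMINS)).items():
        print(f"{theme}: {', '.join(names) or 'no gaps'}")
```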