Essential Eight Uplift
Looking to raise your company’s cyber protection levels to reduce your risk of cyber attacks? Our experienced team can help you increase your cyber security with the Essential Eight.
What is the Essential Eight?
The Essential Eight is a cyber security framework comprising eight mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations mitigate the risk of cyber attack. The Essential Eight framework provides a baseline level of ICT security that makes it much harder for systems to be compromised.
Restrict Administrative Privileges
Patch Operating Systems
User Application Hardening
Configure MS Office Macro Settings
Who needs the Essential Eight?
The federal government has mandated the Essential Eight framework for non-corporate Commonwealth entities, so if you are tendering for Government contracts you will be expected to comply with any security requirements set by that entity. Also, many Prime Defence contractors are increasingly requiring compliance with the Essential Eight.
Aside from mandated requirements, however, it just makes good business sense. It provides peace of mind that your own assets and ICT systems, as well as those of your customers and suppliers, are protected from being compromised.
The ACSC receives approximately 144 reports of cybercrime per day, with an estimated $300 million in losses per year (Source: ACSC Cyber Security and Australian Small Businesses Results from the Australian Cyber Security Centre Small Business Survey). The cost of implementing the Essential Eight controls is relatively small, whereas the risk to your reputation, finances and data, should a cyber attack occur, is high.
Essential Eight vs DISP: Which one do I need?
The Essential Eight is applicable and beneficial to every organisation and every sector. Implementing the framework is a relatively simple way to protect important electronic business information, assets and systems.
Membership of the Defence Industry Security Program (DISP) is a Defence requirement. Therefore, if you do not work in the Defence sector or are not interested in winning work in Defence, you don’t need to attain DISP membership. It is worth noting that the Top 4 elements of the Essential Eight (application control, patch applications, restrict administrative privileges and patch operating systems) are required for DISP.
How does it work?
The Essential Eight is comprised of three maturity levels:
Maturity Level One
Maturity Level Two
Maturity Level Three
It is recommended that organisations aim to achieve Maturity Level One and work their way up as required. When determining the appropriate Maturity Level, an organisation should consider the likelihood of being targeted, as well as the consequences of a cyber security incident. This is influenced by the type of information an organisation holds, as well as its requirement for the availability and integrity of its systems and data.
How De Stefano & Co can help
The De Stefano & Co team have an unrivalled understanding of the framework underpinning the Essential Eight, ensuring that we make the process of understanding how to implement the appropriate strategies as simple and cost-effective as possible for our clients. Gold-plating is common, particularly when it comes to ICT/Cyber requirements. Our team are here to simply solve your problems by making recommendations based on your needs, without all the unnecessary bells and whistles.
Our process is simple:
The process of understanding your business and where you sit in comparison to the requirements of the maturity model. A comprehensive report is provided which details any gaps identified and the recommendations for closing those gaps.
We will liaise with your own internal IT representatives or appointed external IT service providers to ensure they fully understand the ICT/Cyber Security recommendations and how to enact them.
As a trusted source of Defence security education and guidance to academia, industry associations and their members nationwide, the team at De Stefano & Co are well-placed to support your business with the uplift of its cyber security maturity.
If you’d like to talk to us about supporting your business in implementing the Essential Eight framework, please complete the form on our Contact page, or get in touch with our friendly team on 1300 GET DISP (1300 438 347).