The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to assist organisations in protecting their systems against a range of cyber threats such as:
- targeted cyber intrusions (advanced persistent threats) and other external adversaries who steal data
- ransomware and external adversaries who destroy data and prevent computers/networks from functioning
- malicious insiders who steal data
While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a successful large-scale cyber security incident.
The Essential Eight are:
- application whitelisting – to control the execution of unauthorised software
- patching applications – to remediate known security vulnerabilities
- configuring Microsoft Office macro settings – to block untrusted macros
- application hardening – to protect against vulnerable functionality
- restricting administrative privileges – to limit powerful access to systems
- patching operating systems – to remediate known security vulnerabilities
- multi-factor authentication – to protect against risky activities
There are 37 questions in this survey.