Are you aware of the Australian Cyber Security Centre (ACSC) Essential Eight? From a recent survey conducted from Australian MSPs, the answer has overwhelmingly been no. Yet the follow-up question is: why not?
In short, the Essential Eight is a guide to help organizations mitigate cyber security incidents caused by various cyber threats. Over the next two months, we’ll be exploring these essential strategies, breaking down each one to raise awareness and provide some guidance on why it’s so important to keep these in mind.
What Is the Essential Eight?
No, the Essential Eight is not the next Quentin Tarantino film about a group of Ninjas going on a rampage. But, if you’re reading this Mr. Tarantino, I have a script you’ll definitely want to read!
As explained by ACSC, the Essential Eight is a best practices guide released by the Cyber Security Arm of the Australian Signal Directorate. Its goal is to provide a minimum baseline that all businesses should be implementing to mitigate the ever-increasing risk of cyber threats.
Why Is This Relevant to Me and My Clients’ Business?
Early in 2018, the Office of the Australian Information Commissioner (OAIC) introduced a new law called the Mandatory Notifiable Data Breach (NBD) scheme under Part IIIC of the Privacy ACT 1988. By law, companies are obliged to notify the government and any affected person(s) whose personal information may have been exposed during a data breach event.
While security should have been in the forefront of every MSP prior to the implementation of the NDB scheme, this new compliance re-enforces the need for good security practices and maintaining Australians' right to privacy.
Failing to comply can be quite costly. Not just in monetary penalties, but in the time it takes to go through the drawn-out, tedious process for notification of data breaches. And, from what I have heard from MSPs themselves, this is something you and your clients want to avoid at all costs.
I’ve Already Implemented AV and Firewalls for My Clients. Isn’t That Enough?
In short, the answer is no. The security landscape is constantly evolving and will continue to do so as hackers get smarter and look for other avenues to strike.
Let’s put this into perspective. About ten years ago, the standard practice was to have a firewall in front of the network and antivirus installed on every machine—and that was good enough. In today’s world, though, that just won’t cut it.
Almost every day we hear of a new threat or company being exposed by ransomware, phishing or brute force attack. As hackers and threats evolve, so too does the need for new technology to combat them. Today, we’re seeing solutions like SIEM and advanced endpoint security leading the way in mitigating these new threats.
How the Essential Eight Can Help
While advanced security solutions are excellent in mitigating and cleaning up unforeseen threats, most of you need a baseline to work off. Thankfully, the Australian Government has done this for you with the Essential Eight.
It’s not a mandatory action, but a Government-recommended guideline. The first challenge here is to educate or re-educate your clients on the new threat landscape, and help them understand why this is important. As you can see, the statistics are alarming and the threat is real:
- 14 Million small businesses were attacked over past 12 months
- 36 percent of cyber-attacks are conducted against SMBs
- 48 percent more SMBs experienced a breach due to employee neglect in 2017 vs. 2016
- 60 percent of small companies that suffer a cyber-attack go out of business within 6 months
While you don’t want to come across as scaremongering, these figures will not sit well with your clients, so you need to raise awareness about what they should be thinking about when it comes to protecting themselves.
What Is a Good Baseline for Security?
Unfortunately, there is no one-size-fits-all security offering that covers every single threat out there. There numerous statistics detailing the effects of cyber security breaches, but most agree that the bulk of potential threats can be buttoned up by getting the basics right.
Instead, think of security as a multi-layered approach. For example, the walls of a castle are your firewalls and antivirus, the boiling hot cauldrons and archers are your advanced protection and SIEM solutions, and the Essential Eight is the moat, the first layer of protection against any potential threat to your castle.
By creating these different layers of security, you are greatly reducing the chances of a breach and making it more difficult for potential threats to find your weaknesses in your defenses.
Handpicked for you:
By Steve Lowing
By Paula Griffin