How to implement effective Essential Eight risk mitigation in a hostile cyberthreat environment


Businesses and government organisations today face increasingly sophisticated and damaging cyberthreats, including state-sponsored critical infrastructure attacks, new versions of ransomware and phishing messages nearly indistinguishable from legitimate communications.

The Australian Cyber Security Centre (ACSC) Essential Eight strategies provide a baseline from which businesses and organisations can mitigate the potential financial, reputational and operational risks posed by these threats.

From this baseline, businesses and organisations can implement additional measures as needed to deliver the required level of protection.

Growing threat levels increase risk to government and businesses

A range of government and vendor reports showcase the damage cyberthreats and data breaches are causing to businesses and organisations today.  

For example, the Office of the Australian Information Commissioner (OAIC) reported that incidents involving malicious or criminal attacks at organisations covered under the Notifiable Data Breaches scheme rose by a full 41% in July-December 2022. 

In addition, the ACSC’s Annual Cyber Threat Report 2022 revealed the average cost per cybercrime report had risen by an average of 14% to over $39,000 for small businesses, $88,000 for medium businesses and over $62,000 for large businesses. 

Severe breaches of business or government environments can take months to uncover, prompt regulatory action including heavy fines, and cause severe reputational loss. 

These consequences amplify near-term damage such as loss of intellectual property, disruption to operations and financial theft.  

The impact of a major breach can extend well beyond a business or organisation to its customers, partners, suppliers and the broader community. 

Some of the largest and most publicised recent local data breaches include the exposure of data of current and former customers at Australia’s second-largest telecommunications operator, Optus, and the theft of personal information of Australian and New Zealand customers of financial services provider Latitude. 

Internationally, telecommunications provider Verizon’s 2023 Data Breach Investigations Report revealed that costs to businesses of ransomware attacks had soared, with the number of attacks also surging. 

In addition, the human element was a factor in 74% of breaches, “even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols,” Verizon said.

Embracing cybersecurity strategies essential to mitigate risk

In this environment, implementing effective strategies to protect systems, data and people is essential. 

The ACSC recommends businesses and organisations implement the Essential Eight risk mitigation strategies as a baseline to make it harder for adversaries to compromise their systems. 

Essential Eight strategies are designed primarily to protect Microsoft Windows-based, internet-connected networks. Implementation of the Essential Eight is supported by the Essential Eight Maturity Model, which is based on the ACSC’s experience in addressing cyber security threats.

This model defines four maturity levels that businesses and organisations can achieve to help mitigate attackers’ tradecraft and targeting.     

By implementing the Essential Eight to a targeted level of maturity, businesses and organisations can:

  • proactively improve their security using fewer resources and less expenditure than would be needed to respond to a large-scale cyber security incident
  • gain a high-level indication of their cybersecurity maturity
  • adopt strategies and maturity models that are regularly updated by the ACSC to remain contemporary, contestable and actionable against constantly-evolving adversaries, and
  • comply with regulatory requirements (for example, the federal government is mandating Essential Eight compliance for all 98 non-corporate Commonwealth entities)

However, implementing and maintaining Essential Eight risk mitigation to a required maturity level can be a complex exercise that diverts technology teams and expertise from core business enablement tasks. 

Working with security specialist ESET Australia, businesses and organisations can effectively deploy and run solutions that help implement the Essential Eight. 

They can also take advantage of cyber risk audit capabilities that enable them to review and assess their IT infrastructure for potential weaknesses. These audits should be undertaken regularly to account for evolving threats and relevant geopolitical events; for example, according to the ESET SMB Digital Security Sentiment Report, 73% of small to medium businesses admitted the pandemic and conflict in Ukraine had motivated them to increase their cybersecurity investments. 

Click here for more information about ESET Australia’s Essential Eight and cyber risk audit offerings.

Copyright © nextmedia Pty Ltd. All rights reserved.