The Australian Cyber Security Centre (ACSC) has established a set of strategies to mitigate the risk of cyber security incidents. This series of strategies is called the Essential Eight.
Implementing these strategies, as a minimum, makes it much harder for cyber hackers to compromise your organisation’s systems. https://www.cyber.gov.au/acsc.
Why is the Essential Eight so important?
Cybercrime is rising in 2022 with Australians losing over $300 million to scams last year alone, with 43% of cyberattacks targeting small to medium businesses. Currently, the 2022 total amount lost is $72,231,217, an 84% spike since last year.
Self-reported financial losses due to cybercrime in Australia-based cybercrime reports totalled more than AUD $33 billion in 2021.
According to Bulletin 34 Aust. Institute of Criminology, the total economic impact of pure cybercrime in 2019 was approximately $3.5b. This encompasses $1.9b in money directly lost by victims, $597m spent dealing with the consequences of victimisation, and $1.4b spent on prevention costs. Victims only recovered $389m.
Governments are funding their internal Essential 8 cyber security controls
Although a Commonwealth initiative, the WA government has instigated a strike team to help departments and agencies to uplift their cyber security by mandating the Essential Eight cyber security controls.
Is it likely to affect your organisation?
Yes. All state and federal governments are working toward delivering Essential Eight strategies internally and as part of this drive. They will expect providers of certain services to also meet the Essential Eight standard.
What are the Essential Eight strategies?
The mitigation strategies that constitute the Essential Eight are:
control,
patch applications,
configure Microsoft Office macro settings,
user application hardening,
restrict administrative privileges,
patch operating systems,
multi-factor authentication, and
regular backups.
Proactively implementing the Essential Eight may be far more cost-effective that having to respond to a large-scale cyber security incident.