The Essential 8 and why you should consider them?

Fellow Human
4 min read · Dec 27, 2022

Cyber security is a complicated space: it takes a great deal of time, effort, and money, and requires a team of talented professionals to plan and implement it properly.

In an effort to make cyber security controls, and the way they can be implemented, easier for organizations to understand, the Australian Cyber Security Centre (ACSC) developed and released The Essential Eight (E8).

The E8 is a list of eight mitigation strategies recommended for organizations to implement to protect themselves against a wide range of cyber threats. The main objective of the E8 is to make it harder for threat actors (aka the bad guys) to compromise your organization and your systems.

The E8 is accompanied by the E8 Maturity Model, a guideline that defines each strategy and describes its different maturity levels. The Maturity Model can be used to assess your organization’s security posture, determine your current status, and plan your implementation accordingly.

These strategies and their associated maturity model are based on the ACSC’s experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing, and assisting organizations to implement the E8. They were first published in June 2017 and are updated regularly by the ACSC.

It’s important to highlight that the E8 outlines a minimum set of preventative measures. Organizations should, and will need to, implement measures beyond those in the E8 Maturity Model where their environment, security requirements, regulatory obligations, and so on warrant it.

Further, the E8 alone will not mitigate all cyber threats. As mentioned, additional mitigation strategies and security controls should also be considered, including those from “Strategies to Mitigate Cyber Security Incidents” and the “Information Security Manual”; both are published by the ACSC as well.

Let’s take a closer look at each of these measures.

The E8 preventative measures are:

1. Application Control
2. Patch application
3. Configure Microsoft Office Macros
4. User application hardening
5. Restrict Administrative Privileges
6. Patch Operating system
7. Multi-factor authentication
8. Regular backups

1. Application control

This measure focuses on managing and controlling the applications used by an enterprise or organization: it lets organizations control which drivers and applications are allowed to run on their devices.

Two of the most common tools used for application control are Windows Defender Application Control (WDAC) and AppLocker.
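As an added example (not code from the article, and not an ACSC tool), the script below exports the AppLocker policy currently in effect on a Windows host and tests what it would decide for a couple of sample files when run as a standard user. The file paths in $SampleFiles are assumptions for illustration; replace them with binaries that matter in your environment. It requires the AppLocker PowerShell module that ships with Windows.

```powershell
# Added example: audit the effective AppLocker policy on this host.
# Assumes AppLocker is available; $SampleFiles paths are placeholders for illustration.

# Export the effective policy (local policy merged with domain GPOs) so it can be tested.
$PolicyPath = Join-Path $env:TEMP 'effective-applocker.xml'
Get-AppLockerPolicy -Effective -Xml | Set-Content -Path $PolicyPath -Encoding UTF8

# If no rules exist at all, AppLocker enforces nothing: that is the first thing to report.
$RuleNodes = ([xml](Get-Content -Path $PolicyPath -Raw)).SelectNodes('//RuleCollection/*')
if ($RuleNodes.Count -eq 0) {
    Write-Warning 'No AppLocker rules are in effect: every application is allowed to run.'
}

# Files to evaluate: a trusted system binary and a user-writable download location.
$SampleFiles = @(
    "$env:SystemRoot\System32\notepad.exe",
    "$env:USERPROFILE\Downloads\untrusted-tool.exe"   # assumed path, may not exist
) | Where-Object { Test-Path -Path $_ }               # Test-AppLockerPolicy needs real files

# Evaluate as "Everyone" (a standard user), not as the admin running this script.
$Results = Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $SampleFiles -User Everyone

foreach ($r in $Results) {
    # PolicyDecision is Allowed, Denied or DeniedByDefault; MatchingRule names the rule hit.
    '{0,-16} {1}  (rule: {2})' -f $r.PolicyDecision, $r.FilePath, $r.MatchingRule
}
```

Running this on a fleet sample is a quick way to see whether application control is actually enforced (rules present, user-writable locations denied) rather than merely configured in audit mode.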

2. Patch application

Few things are more dangerous than leaving your systems and applications running without the latest security patches. This measure has administrators scan for vulnerabilities and identify missing security updates and patches across the applications used in the enterprise or organization.

Microsoft Endpoint Manager is a commonly used tool to patch applications.

3. Configure Microsoft Office Macros

A macro usually contains a series of commands that can be coded or recorded and replayed at a later time to automate tasks. Macros are created by users to improve their productivity and reduce repetitive work. While macros are great for productivity, they are one of the most common entry points used by threat actors to gain a foothold in your organization.

This measure focuses on disabling macros for users who do not have a business requirement or need for them.
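The following script is an added example (not from the article) that reads the Office macro settings for the current user and flags any application whose configuration is weaker than "signed macros only" or that does not block macros in files downloaded from the internet. It assumes Office 2016/2019/Microsoft 365 (registry version key 16.0) and the standard Trust Center policy values VBAWarnings and blockcontentexecutionfrominternet; adjust $OfficeVersion for other releases.

```powershell
# Added example: audit Office macro settings for the current user.
# Assumes Office registry version 16.0 and the standard Trust Center value names.

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings value shown in Trust Center > Macro Settings.
$VbaWarningsMeaning = @{
    1 = 'Enable all macros (dangerous)'
    2 = 'Disable with notification (user can click Enable Content)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string]$App, [string]$Name)
    # A policy-delivered value (GPO/Intune) wins; fall back to the user's own setting.
    $Paths = @(
        "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security",
        "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security"
    )
    foreach ($p in $Paths) {
        $v = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $v) { return [pscustomobject]@{ Value = [int]$v.$Name; Source = $p } }
    }
    return $null   # not set anywhere: Office uses its built-in default
}

foreach ($app in $Apps) {
    $vba   = Get-MacroSetting -App $app -Name 'VBAWarnings'
    $block = Get-MacroSetting -App $app -Name 'blockcontentexecutionfrominternet'

    $vbaText = if ($vba) { $VbaWarningsMeaning[$vba.Value] } else { 'not set (Office default: disable with notification)' }
    if ($null -eq $vbaText) { $vbaText = "unrecognised value $($vba.Value)" }
    $blockText = if ($block -and $block.Value -eq 1) { 'blocked' } else { 'NOT blocked' }

    # Flag anything weaker than "signed only", or where internet-sourced macros still run.
    $weak = (-not $vba) -or ($vba.Value -lt 3) -or (-not $block) -or ($block.Value -ne 1)
    $flag = if ($weak) { 'REVIEW' } else { 'OK    ' }

    "$flag $app : macros = $vbaText; macros in files from the internet = $blockText"
}
```

Because the check reads the registry rather than asking Office, it can be run by an endpoint management tool as a compliance script; a "REVIEW" line is the signal that the user still needs a business justification or a tighter policy.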

4. User application hardening

This measure aims at securing applications that frequently connect to the internet, such as web browsers, email clients, browser plugins, software platforms, PDF software, and Microsoft Office. Hardening these applications is an important part of reducing the risk they carry when they connect to and interact with the internet. The intent is to reduce and manage their attack surface by, for example, preventing web browsers from processing Java and ensuring that browser security settings are managed by administrators rather than end users.

Microsoft Endpoint Manager is commonly used for application hardening.

5. Restrict Administrative privileges

Restricting administrative privileges is one of the most effective mitigation strategies. Users with administrative privileges over operating systems and applications are able to make significant changes to their configuration, enabling them to bypass critical security settings and access sensitive information. An environment where administrative privileges are restricted is more stable, more predictable, easier to administer and support and, more importantly, more secure, as fewer users can make significant changes to their operating environment, whether intentionally or accidentally.

Enterprises use tools such as CyberArk to manage Administrative privileges.
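Before a privileged-access tool is even in place, the first step is knowing who actually holds administrative rights today. The script below is an added example (not from the article or any vendor) that lists the members of the local Administrators group on a Windows machine and flags anything outside an approved list. $ApprovedAdmins is an assumption to replace with your organization’s own list, and the group name CONTOSO\Workstation Admins is a constructed placeholder.

```powershell
# Added example: audit local administrative rights on this machine.
# $ApprovedAdmins and the CONTOSO group name are placeholders for illustration.

$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account; ideally renamed or disabled
    'CONTOSO\Workstation Admins'         # assumed AD group that should be the only other member
)

# Get-LocalGroupMember returns Name, ObjectClass (User/Group) and PrincipalSource
# (Local, ActiveDirectory, AzureAD or MicrosoftAccount).
$Members = Get-LocalGroupMember -Group 'Administrators'

$Unapproved = 0
foreach ($m in $Members) {
    $approved = $ApprovedAdmins -contains $m.Name   # -contains is case-insensitive
    if (-not $approved) { $Unapproved++ }
    $flag = if ($approved) { 'OK    ' } else { 'REVIEW' }
    '{0} {1,-40} {2,-6} {3}' -f $flag, $m.Name, $m.ObjectClass, $m.PrincipalSource
}

# Individual user accounts in the group are the usual finding: day-to-day logins
# should be standard users, with admin rights granted through a separate account or group.
$DirectUsers = @($Members | Where-Object { $_.ObjectClass -eq 'User' -and $ApprovedAdmins -notcontains $_.Name })
"Unapproved members: $Unapproved (of which direct user accounts: $($DirectUsers.Count))"

# Also report whether this very session is running elevated, since scripts and browsers
# launched from an elevated session inherit those rights.
$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current session elevated: $IsAdmin"
```

Running this periodically across the fleet turns the maturity model’s "privileged access is restricted" requirement into something measurable: the count of unapproved members should trend to zero and stay there.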

6. Patch Operating system

This measure is meant to ensure that your organization’s operating systems are secure and up to date. It is critical that the organization frequently checks for patches and installs or deploys them across its enterprise fleet.

Microsoft Endpoint Manager is a commonly used tool for patching operating systems.

7. Multi-factor authentication

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to gain access to a resource or service (check my other article where I explain MFA further). It is usually a combination of something you know (a password or PIN), something you have (a token or card), and something you are (a fingerprint, retina scan, etc.). Multi-factor authentication, when implemented correctly, can significantly reduce the likelihood of a successful cyber attack.

8. Backups

Regular backups will help your organization recover and maintain its operations in the event of a cyber incident. If you lose access to your files due to a cyber incident, restoring from your most recent secure backups will enable your organization to recover and start operating again much more quickly. Backups, and the process of restoring data from them, should be tested regularly to ensure they are available and work when needed.

Microsoft 365 Desired State Configuration Tool (Microsoft365DSC) can be used to take backup and restore the configuration of your Microsoft 365 tenancy.

While these security measures, once implemented, will not eliminate all cyber attacks, they will definitely reduce the impact of any attack on your organization and put you in a much better position if you end up having to respond to and mitigate a cyber incident.

Thanks for reading. Feel free to share any feedback in the comment section.


I'm Fellow Human, this is my YouTube channel: Brain Stew that covers Cyber, Technology, Science and Life. Check it out here: https://www.youtube.com/@brain-stew