Mitigation Strategies with The Essential 8

By Luke Smits - Founder & Operations Manager
A laptop locked and protected

79% of companies suffered at least one cloud data breach in from 2021-2022 and 80% of incidents could have been addressed through modern approaches (source – IDC). This means, there were opportunities for prevention.

The Australian Cyber Security Centre (ASCS) has developed a list of mitigation strategies to help organisations, like yours, protect themselves from cyber attack. These strategies have been labelled The Essential 8.

They’re developed for businesses that utilise Microsoft Windows-based networks.

“Organisations need to consider that the likelihood of being targeted is influenced by their desirability to adversaries, and the consequences of a cyber security incident will depend on their requirement for the confidentiality of their data, as well as their requirement for the availability and integrity of their systems and data. This, in combination with the descriptions for each maturity level, can be used to help determine a target maturity level to implement.” (source)

You can learn more about ACSC’s recommendations here.

But, what about your business? Can the Essential 8 protect your bottom line? Let’s take a look at what they are.

Microsoft & The Essential 8

The Essential Eight, are a set of prioritised cyber security strategies designed to mitigate targeted cyber intrusions. These strategies were developed by the ACSC to provide organisations with a practical framework for improving their cybersecurity resilience.

1) Application Control: By implementing application whitelisting, organisations can control which applications are allowed to run on their systems, thereby preventing the execution of malicious or unauthorised software.

2) Patch Applications: Regularly patching applications and operating systems helps address known vulnerabilities and protect systems from cyber threats that exploit those vulnerabilities.

3) Configuring Microsoft Office Macro Settings: Microsoft Office macros can be used as a vector for malware attacks. Configuring the macro settings appropriately can reduce the risk of malicious macros compromising systems.

4) User Application Hardening: Configuring web browsers and email clients to block or warn about potentially malicious content, such as JavaScript and macros, helps protect against common attack vectors.

5) Restrict Administrative Privileges: Limiting administrative privileges to only those who require them helps prevent unauthorised access and restricts the impact of potential security incidents.

6) Patching Operating Systems: Similar to patching applications, keeping operating systems up to date with the latest security patches helps protect against known vulnerabilities.

7) Multi-Factor Authentication (MFA): Enabling MFA adds an extra layer of security by requiring users to provide multiple forms of authentication, such as a password and a temporary code sent to their mobile device.

8) Regular Backups: Regularly backing up important data and systems is crucial for recovering from cybersecurity incidents, such as ransomware attacks, ensuring minimal data loss and downtime.

Implementing these Essential 8 mitigation strategies provides organisations with a solid foundation for reducing their risk of cyber intrusions and enhancing their overall cybersecurity posture.

The Essential 8 is a general framework that can be adapted and implemented with various technology solutions, including those offered by Microsoft.

Cybercrime in organisations

We have more information about how to reduce your business’ risk of vulnerabilities here.

A list of security basics that businesses should implement to protect themselves includes:

  1. Using multi-factor authentication
  2. Utilising a model of least privilege
  3. Regularly identify and patch vulnerabilities
  4. Disable legacy protocols
  5. Ensure RDP, VMs, storage etc, are not accessible to the internet/public
  6. Ensure that you’re logging activity
  7. Utilise a single IdP where possible and federate


The best way to protect your business from cyber crime is to implement robust cyber security strategies, like the Essential 8.

If you’re unsure how vulnerable your business is, we can complete an audit for you and provide clear steps and strategies your business can put in place to mitigate risk and protect your bottom line.

To request an audit, or ask a question about Cyber Security - Get in touch.

Back to News