Essential Eight Strategies for Reducing Risk and Building Cyber Resilience


Cyberattacks are becoming more frequent and sophisticated, making proactive defense a business necessity. Essential Eight is a framework of eight baseline strategies designed to stop the most common threats.

This article breaks down each strategy and shares practical examples to help leaders understand how the Essential Eight can strengthen resilience and protect their organization.

Application Control: The Gatekeeper

What it is:

A security measure that allows only a pre-approved list of applications to run on a computer. This prevents unauthorized and malicious software from being executed.

Real-World Example:

A company uses a digital “whitelist” to ensure only approved software like Microsoft Office and its specific project management tool can run. When an employee tries to install a free, unapproved application downloaded from the internet, the system blocks it automatically and prevents a potential malware infection.

Patch Applications: Closing the Security Holes

What it is:

The process of regularly updating all software (e.g., web browsers, PDF readers, office suites) to fix security vulnerabilities.

Real-World Example:

An IT department is alerted to a new vulnerability in its web browser. Using an automated system, they push the patch to every computer within 48 hours, preventing an attack that has already been observed in the wild.

Configure Microsoft Office Macro Settings: Disarming a Common Weapon

What it is:

The practice of disabling or tightly controlling macros, which are small programs often embedded in Office documents and used by attackers to deliver malware.

Real-World Example:

A finance employee receives an email with an Excel spreadsheet that claims to contain an invoice. Because the company has configured macros to be disabled by default for internet-sourced files, the malicious code inside the macro is never executed when the employee opens the file.
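The "disabled by default for internet-sourced files" behaviour rests on Windows recording where a file came from: browsers and mail clients attach a Mark of the Web (a small Zone.Identifier stream) to downloads, and the Office policy refuses to run macros when that mark says the file came from the Internet or Restricted zone. The following script is an added illustration, not code from the article or from Microsoft; the stream contents and the policy names are constructed for the example.

```python
"""Model the Office "block macros from the Internet" decision by reading the
Mark of the Web (MotW) that Windows stores in a file's Zone.Identifier stream.

Added example; the sample streams below are constructed so it runs offline.
"""
from typing import Optional

# URL security zone ids as Windows writes them into Zone.Identifier.
ZONE_LOCAL_MACHINE, ZONE_INTRANET, ZONE_TRUSTED, ZONE_INTERNET, ZONE_RESTRICTED = range(5)

# Constructed sample streams: a spreadsheet downloaded from a website vs. one
# copied from an internal share.
DOWNLOADED_INVOICE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/invoice.xlsm\r\n"
INTRANET_FILE = "[ZoneTransfer]\r\nZoneId=1\r\n"


def parse_zone_id(stream: Optional[str]) -> Optional[int]:
    """Return the ZoneId from a Zone.Identifier stream, or None if the file carries
    no usable mark (no stream at all, or a malformed one)."""
    if stream is None:
        return None
    in_section = False
    for raw in stream.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None
    return None


def macro_decision(zone_id: Optional[int], block_internet: bool = True,
                   default_setting: str = "disable-with-notification") -> str:
    """Return "blocked" when the policy hard-blocks macros (no "Enable content"
    prompt for the user); otherwise the tenant's default macro setting applies.

    Caveat for defenders: a file that arrives without a mark (for example via a
    USB stick formatted FAT32, which cannot store the stream) is treated as local
    and falls back to the default, so the default must itself be restrictive."""
    if block_internet and zone_id in (ZONE_INTERNET, ZONE_RESTRICTED):
        return "blocked"
    return default_setting


def assess(stream: Optional[str]) -> str:
    """Convenience wrapper: decision for one Zone.Identifier stream."""
    return macro_decision(parse_zone_id(stream))
```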

User Application Hardening: Securing the Sandbox

What it is:

The practice of configuring user-facing applications, like web browsers and media players, to block or disable known attack vectors.

Real-World Example:

An organization configures its web browsers to block pop-up ads and disable Flash content by default. This simple configuration prevents a user from accidentally interacting with a malicious ad that could lead to a malware infection.

Restrict Administrative Privileges: The Principle of Least Privilege

What it is:

Limiting the special access rights (administrator privileges) that users have on a system. Users are only given the permissions they need to do their jobs.

Real-World Example:

A systems administrator uses a separate, non-administrator account for daily tasks like checking email and browsing the web. They only log into their administrator account when they need to perform specific, privileged actions, like installing software. If their standard email account is compromised, the attacker can’t access the network’s core systems.

Patch Operating Systems: Securing the Foundation

What it is:

The process of keeping the core operating systems (e.g., Windows, macOS, Linux) on all devices up to date with the latest security patches.

Real-World Example:

A new critical vulnerability is found in the Windows operating system. The IT team uses an automated tool to push the patch to all company computers overnight, preventing a large-scale attack that could affect the entire network.

Multi-Factor Authentication (MFA): The Second Lock on the Door

What it is:

A security method that requires users to provide two or more verification factors to gain access to an account.

Real-World Example:

A marketing manager tries to log into the company’s customer relationship management (CRM) system. After entering their password, a notification is sent to their phone, and they must approve the login before they can access the account. Even if their password was stolen, a hacker couldn’t log in without access to the user’s phone.

Regular Backups: The Final Safety Net

What it is:

The practice of creating regular, offline, and verifiable backups of all important data.

Real-World Example:

A law firm is hit with a ransomware attack that encrypts all its client files. Because the firm has a recent, tested, and offline backup, it can wipe the affected systems and restore the unencrypted data, losing no data and avoiding the ransom payment.

Visit our Essential Eight page to see how you can leverage the framework to protect your organization with guidance from Sensiba.
