The Essential Eight is a set of mitigation rules developed by the Australian Cyber Security Centre (ACSC) to enhance an organisation’s resilience against most cyber threats.

Here are the Essential Eight strategies:

  1. Patch Applications: Regularly update all your software applications to fix security vulnerabilities.
  2. Patch Operating Systems: Keep your operating systems updated to protect against known vulnerabilities.
  3. Multi-factor Authentication: Implement multi-factor authentication to add an extra layer of security.
  4. Restrict Administrative Privileges: Limit admin privileges to only those who need them.
  5. Application Control: Control which applications can run on your systems25.
  6. Restrict Microsoft Office Macros: Limit the use of Microsoft Office macros to prevent potential security risks.
  7. User Application Hardening: Configure web browsers and Microsoft Office to block untrusted content.
  8. Regular Backups: Regularly back up your data and ensure it can be restored25.

These strategies are designed to protect the organisation's internet-connected information technology networks. While no set of mitigation strategies is guaranteed to protect against all cyber threats, implementing these guidelines as a base-rule makes it much harder for adversaries to compromise systems. The Essential Eight Maturity Model supports the implementation of the Essential Eight. It is based on ASD’s experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight