Skip to main content

Essential Eight – What’s it all about?

With Australian businesses losing millions and millions of dollars every year to Cybercrime, the Australian Government recognised there was a critical need to formalise strategies to help protect business.
So, in 2017 the Australian Signals Directorate (ASD) developed a set of strategies to help mitigate the threat of Cybercrime. One of the most important mitigation strategies ASD created is something called ‘Essential Eight Maturity Model’ or Essential Eight.

Yes, it’s not the most glamourous name out there, however what may sound a little dry is absolutely worth educating yourself about, and seeing how its implementation can help protect YOUR business.

In this series of blog posts, we will delve into each of the Essential Eight and how your business can benefit from implementing their strategies – oh and if you have been following our blog for a while you will have seen Runtime has posted about most of these strategies already.

The Essential Eight – what exactly are they?

The list below are the strategies make up the Essential Eight.

  1. Application control
  2. Patch applications
  3. Configure Microsoft Office macro settings
  4. User application hardening
  5. Restrict administrative privileges
  6. Patch operating systems
  7. Multi-factor authentication
  8. Regular backups.

Now, before we dive further into the Essential Eight strategies there is something that is crucial to understand.
The Essential Eight consists of the 8 strategies listed above, however its implementation is done in accordance with something called maturity levels.
A maturity level is a set of targets for business to aim for, these range from Level Zero (weakest) through to Level Three (strongest).
Each of these maturity levels are based on how sophisticated the attacks you are protecting your business against.

Deciding how much of a target your business is.

Very attractive targets for attackers would be Banks, Medical Companies, Financial Institutions and Larger Corporations.
Less attractive targets may be smaller businesses that don’t leverage online payment/invoice systems or maintain a great deal of online data – Brick layers, Landscapers, Milk bars or small mechanical repairs shops so on.

This doesn’t mean that the less attractive targets are immune, far from it. What it means is that the level of sophistication of the attacker, the time they will spend and how far they will go to will be far greater if the potential reward is higher. As such, if you are a more attractive target for Cybercrime you need to aim for Maturity Level Three.

I want to know more…

Now you have a basic overview of the Essential Eight concept, our next series of posts will dive in for a more detailed look at each of the Essential Eight and how it will help your business.

If you like our content, give us a like and follow Runtime on our socials

Or better yet, get in touch with our team to see how we can help your business stay safe and running strong.

To view full details of the Essential Eight Maturity Model visit

Call today 1300 730 331

Author Daniel

More posts by Daniel