Home >  Blog >  The Essential Eight-cyber security mitigation strategy

The Essential Eight-cyber security mitigation strategy

Posted by Michael Trimblett on 19 August 2020

Before we talk specifically about the The Australian Cyber Security Centre's (ACSC) recommended Essential Eight-cyber security mitigation strategy; let's put the situation in perspective.

Reports are continuing to reveal facts and stats on cyber security that are increasingly alarming for small and medium sized businesses (SMB's). There are more incidents and more dollars being lost than ever before. Let me take you through a few points.

Recently, The Australian Cyber Security Centre (ACSC) published the Small Business Survey Report: How Australian Small Businesses Understand Cyber Security. They received over 1700 responses. Some of the revelations from the survey are:

  • $29 billion is lost by small businesses every year
  • Nearly 50 per cent of SMB's under-spend on IT security annually
  • One in five small businesses that use Windows have an operating system that stopped receiving security updates in January 2020
  • Many businesses had incomplete or too little implementation of the Eight Mitigation Strategies


The latest Notifiable Data Breaches report indicates a rise in breaches (as reported under the guidelines for mandatory reporting). In the period July to December 2019, the main categories of reported breaches were:

  • 64% - Malicious or criminal attacks (including phishing, theft by insiders or outsiders, social engineering, malware, ransomware)
  • 32% - Human error
  • 4% - System fault


The same report highlighted the top 5 industries being attacked the most:

  • Health service providers
  • Finance
  • Legal, accounting and management services
  • Education
  • Personal services


It's no secret that I have a passion for auditing, analysing and developing & implementing strategies for cybersecurity mitigation. If I was to hone in on one 'go to' mitigation strategy, it would be the Essential Eight. It is a relatively easy to understand, 8 point strategy that in its whole, cover's all angles for cyber security.

The 8 essential points are under 3 distinct defensive lines:

Mitigation Strategies to Prevent Malware Delivery and Execution 

  • Application control; 
  • Configure Microsoft Office macro settings; 
  • Patch applications; 
  • User application hardening

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

  • Restrict administrative privileges; 
  • Multi-factor authentication; 
  • Patch operating systems

Mitigation Strategies to Recover Data and System Availability

  • Effective back-up regime

The first and most blatant revelation here is that standard anitvirus software hardly gets a mention. An effective strategy is more behavioural and tangiable than it is digital and automated. And just like a business's physical premises needs a lot more than just locks on a door, a business's I.T. and data require many angles for effective cyber security.

If you have any concerns or ideas for your cyber security risk mitigation or even if you are not sure what you don't know, please give us a call for a no obligation discussion (on 02 4337 0700) or email me.

.....and here are some parting insights from the above mentioned ACSC survey.....

The most common barriers identified for small business owners to implement good cyber security practices are:

  • A lack of dedicated I.T. staff;
  • Complexity & self-efficacy;
  • Planning & responding;
  • Underestimating the risk of cyber security incidents
Michael TrimblettAuthor:Michael Trimblett
About: Michael has been in the information technology industry since 1998 and has a passion for everything technology. He has a technical background as a qualified network engineer, project manager and is qualified as a Certified Ethical Hacker.
Connect via:TwitterLinkedIn
Tags:ServicesSecurityITIT ConsultingNetworking SecurityComputer Software

Log a Job
Or an Enquiry


Loyal IT
Latest news

19 July 2022
Scams have been in the media lately, with blogger Constance Hall being the victim of a scam after she sent money to a real...
Read All Latest News

Our Clients

Hi Mick, Just a brief note to thank you for your assistance in getting the new Beresfield site up and running.

Bruce was up there this morning and said everyone was pleased and amazed at how everything was up and running with no problems.

So thanks for your great service!

David Selle
Read All Testimonials

Resources Helpful
fact sheets

Download Our Fact Sheets

Sign Up for Newsletter