Originally featured in Enterprise IT World on 20 May, 2022.
The Essential Eight is a set of guidelines to assist government agencies and businesses to bolster cybersecurity defences. In parallel with the evolution of the Essential Eight, there has been an increased focus on compliance, particularly in critical industries. A key pillar of robust cybersecurity is rigorous end-user device management. Endpoint devices are among the most commonly exploited weaknesses for Australian organisations, with more than two-thirds of cyber attacks originating from breaches to employee devices.
The challenge for many organisations is understanding where they currently are in Essential Eight maturity and how to uplift it quickly. Level One of the Essential Eight maturity model gives businesses solid protection against threat actors who leverage commodity malware, known vulnerabilities, publicly available exploits and methods that are widely available.
Unless it is mandated in your industry, moving up to maturity Level Two should be considered by taking a risk-based approach. When you achieve this level, adversaries need to step up their efforts and invest more time and resources to carry out a successful attack. They need to be more targeted in their attacks and methods and will often rely on social engineering techniques to trick users into giving them access to systems. It’s possible to boost your maturity from Level Zero or One to Level Two on end-user devices in a matter of weeks using automation and zero touch, rather than the traditional 18 months of complex IT programs.
At its heart, the Essential Eight is about establishing and managing a set of security controls that make life hard for would-be attackers and minimise the potential damage should an attacker breach your defences. Controlling which applications can run on an endpoint device is important. By only allowing specific programs to execute, the likelihood of rogue and malicious software damage is reduced. End-user device management ensures applications and operating systems are patched quickly and easily with the latest security updates, shielding against threat actors who target unpatched systems.
Application and operating system patches should be installed promptly after their release. Without a robust and reliable end-user device management platform, this can be extremely challenging. In today’s hybrid/remote working environment, we can’t rely on users coming into a central office and the IT department installing system and software updates. We must leverage automation to install critical security updates wherever users are.
Even patched and endorsed applications can be exploited by motivated threat actors if they are not correctly configured or have excessive privileges. End-user device management tools can ensure the correct settings are applied and maintained, covering everything from the ability to execute macros in tools like Microsoft Office through to ensuring users don’t have unnecessary administrative privileges.
Should the worst happen and a device is compromised, one of the best ways to get the user up and running again is to retrieve their data from a backup. By ensuring that backups are taken regularly and securely stored, preferably on a cloud platform that can be easily accessed from anywhere, recovery from unexpected data loss can be made fast and easy. The backup and recovery processes can both be automated to ensure the data is safe and that recovery time is minimised.
Using reliable automation software to remotely manage end-user devices boosts your Essential Eight maturity level quickly. Modern device management platforms don’t require months of planning to deploy. They can be implemented and help boost your Essential Eight maturity in days rather than months.