top of page

The Essential Eight

In order to significantly increase the cyber resilience of Australian businesses, the Australian Federal Government introduced a framework of mitigation strategies and security controls.  This framework is known as the Essential Eight. Growing upon the original four cybersecurity strategies that were developed by the Australian Signals Directorate (ASD), the Essential Eight has been specifically designed to achieve three primary objectives:


  1. Prevent attacks

  2. Limit attack impact, and

  3. Data availability

To further simplify compliance of the Essential Eight, organisations can track their compliance through the framework's maturity scale, which is comprised of three levels:

  1. Maturity Level Zero - This maturity level signifies that there are weaknesses in an organisation’s overall cyber security posture. When exploited, these weaknesses could facilitate the compromise of the confidentiality of their data, or the integrity or availability of their systems and data, as described by the tradecraft and targeting in Maturity Level One below.

  2. Maturity Level One - The focus of this maturity level is the targeting of malicious adversaries who are content to simply leverage publicly-available exploits in order to gain access to systems.  For example, adversaries opportunistically using an exploit for a security vulnerability that has not been patched, or using credentials that were stolen, reused, brute forced or guessed.

  3. Maturity Level Two - The focus of this maturity level is the targeting of malicious adversaries operating with a modest step-up in capability from the previous maturity level.  These adversaries are willing to invest more time on a target and, perhaps more importantly, in the effectiveness of their tools.  For example, these adversaries will likely employ well-known tradecraft in order to better attempt to bypass security controls implemented by a target and evade detection. This includes actively targeting credentials using phishing and employing technical and social engineering techniques to circumvent weak multi-factor authentication.

  4. Maturity Level Three - The focus of this maturity level is the targeting of malicious adversaries who are more adaptive and much less reliant on public tools and techniques.  These adversaries are able to exploit the opportunities provided by weaknesses in their target’s cybersecurity posture, such as the existence of older software or inadequate logging and monitoring. Adversaries do this to not only extend their access once initial access has been gained to a target, but to evade detection.  Adversaries make swift use of exploits when they become publicly available as well as other tradecraft that can improve their chance of success.

It is important to note that the Essential Eight, whilst very effective as a cybersecurity baseline for threat protection, is essentially a minimum standard to provide organisations with a safe cyber posture.


Organisations are strongly encouraged to augment their overall security and data breach prevention through additional tools and processes.  Quotient works with organisations large and small to design, implement and manage a wide range of solutions to assist in improving their cyber resilience.

Where do you start?

As a business owner, Director, or CXO, the cyber security of your organisation must be paramount.  Aside from the significant and costly fines imposed by the Australian Government for a data breach, a breach in sensitive and/or customer data can be damaging to your company's brand and reputation.

Knowing what you need to do, and how to execute it during normal, ongoing business operations can be overwhelming. 


Not sure where to start?  Why not get in touch.

We're here to help.

What is the Essential Eight Framework?

In response to the increasing prevalence of cyberattacks, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) developed a set of strategies to help organisations mitigate common attack vectors.  These strategies are known as the Essential Eight, as detailed in the diagram below:

Essential 8 Multi Factor Authentication
Essential 8  Daily Backups
Essential 8 Patch Operating Systems
Essential 8  Restrict Admin Privileges
Essential 8  Configure Macros
Essential 8  Application Hardening
Essential 8 Patching Applications
Essential 8 Application Control

Want to know more?  Why not talk to one of our Cyber Security Specialists?

bottom of page