Essential Eight Compliance Services
We'll work with your team to assess your Essential Eight compliance, establish a baseline against the required standard and work towards accreditation where required.
We’ll help you achieve IT security through the assessment of your organisation's Essential 8 compliance in New Zealand.
How we can assist:
Understanding the Essential Eight
Understanding the Essential Eight
The Essential 8 in New Zealand is a set of mitigation strategies, developed and maintained by the Australian Cyber Security Centre (ACSC), that are designed to help organisations of all sizes protect themselves from the online threats that are recognised as being the root cause of most intrusion events and unplanned outages.
These strategies can be applied across a broad spectrum of networks, systems and applications, from local installations through to cloud and other online services - although it is largely targeted at Microsoft Windows based networks. Essential 8 provides the building blocks of a robust cybersecurity strategy.
What does the Essential 8 focus on
Each element of the Essential 8 focuses on a different aspect of cybersecurity strategy: the eight core elements identified as the most common areas resulting in cybersecurity incidents. The Essential Eight provide information and data management strategies, and guidance on secure configuration, to protect the confidentiality, integrity and availability of an organisation's critical information and data. The Essential 8 focus areas are:
Application control
Patch applications
Configure Microsoft Office macro settings
User application hardening
Restrict administrative privileges
Patch operating systems
Multi-factor authentication
Regular backups
As well as providing guidance on what New Zealand organisations should do to reduce the risk of a cyber-attack, and how to minimise the impact should a threat actor breach your defences, the ACSC has created the Essential 8 Maturity Model to assist organisations in assessing how well they are implementing the mitigation strategies.
The Essential 8 Maturity Model has four levels of maturity.
Level 0: At this level, organisations exhibit weaknesses in their cybersecurity posture that can be exploited by threat actors using common tools and methods.
Level 1: Organisations at this level have basic protections in place that help prevent cyber criminals and other threat actors, using common tools and methods, to break into systems.
Level 2: Organisations that achieve this level of maturity have strategies in place to mitigate a variety of sophisticated security attacks that seek to exploit elevated user privileges and other potential weaknesses such as credential harvesting.
Level 3: The highest level of maturity: these organisations implement a range of tools such as specific application controls, workstation logging and monitoring to ensure anomalous activity can be quickly detected and investigated and they undertake rapid patching of known vulnerabilities.
Why does Essential Eight matter to your organisation?
Cyber crime is on the rise. Every organisation faces a variety of threats ranging from highly disruptive and destructive ransomware attacks, to online fraud and the theft of data. Threat actors have at their disposal a vast array of tools and methods they can use to identify and exploit vulnerabilities to your systems.
Defend against adversaries
Building a strategy to defend against these adversaries requires a strategic focus. Otherwise, it can seem impossible to detect and block each different type of attack. The Essential Eight provides a strategic framework that can be used to build a baseline defence against the cyber risks your organisation faces.
The Essential Eight matters to your business because it provides the building blocks of a robust cybersecurity strategy that covers defensive measures to mitigate the risk of a breach and minimise the chances that a threat actor can compromise the confidentiality, integrity and availability of your data. Even at Essential Eight Maturity Level 1, organisations will be able to actively prevent many threats.
For government Essential 8 is mandated
For government agencies, compliance with the Essential Eight is mandated. Many government agencies require that their suppliers also report on their Essential 8 measures. And while mandates are not in effect yet for commercial entities and the Not-For-Profit sector, we can expect Essential 8 compliance to become an emerging industry standard, as have ISO27001 and the NIST Cyber Security Framework.
How can Tesserent help New Zealand Organisations?
Tesserent has deep expertise assisting both government and private organisations to implement relevant Essential Eight controls contextualised to our clients’ environments. Our proven methodology is based on a solid partnership with our clients. We start by understanding your goals and your specific cyber risks and threats.
A Tesserent Essential Eight Maturity Uplift is tailored to your requirements and may include:
Baseline: a current state assessment of your current controls
A baseline is established so that the current state of cybersecurity controls in your organisation are understood and assessed against the Essential Eight Maturity Model. You’ll work closely with Tesserent’s security experts, to identify where your strengths and weaknesses are.
Develop a roadmap to implement the Essential 8 controls
Our team of Advisory consultants will develop a plan to bridge the gaps between your current state and the right level of Essential Eight maturity required for your organisation.
Assistance with executing the roadmap recommendations
Once the strategic plan is agreed, Tesserent will leverage its team of over 400 cybersecurity experts to help you choose the best risk mitigation tools and strategies and help you to deploy them for maximum protection.
Essential 8 dashboards and audit reporting
Continuous Reporting and Monitoring
Develop a plan to conduct regular reviews and evaluation of the effectiveness of your cybersecurity controls.
Uplift your organisation's security posture with Tesserent
Tesserent understands that there is no ‘one size fits all’ way to implement cybersecurity controls. We'll consider your organisation's objectives and needs and develop a bespoke solution that will deliver significant uplift in your organisation’s security posture. Tesserent, New Zealand's trusted cybersecurity company will work alongside you as your security partner to help ensure your people, systems, data and customers are protected.
Frequently Asked Questions
What are the Essential Eight strategies?
The Essential Eight strategies are:
1. Application whitelisting
2. Patch applications
3. Configure Microsoft Office macro settings
4. User application hardening
5. Restrict administrative privileges
6. Patch operating systems
7. Multi-factor authentication
8. Daily backups
Why are these strategies important?
These strategies are important because they address common cybersecurity risks that organisations face. Implementing these strategies can reduce the likelihood of a successful cyber attack and minimise the impact of a successful attack.
Do I need to implement all eight strategies?
Yes, the ACSC recommends implementing all eight strategies to improve your organisation's cybersecurity posture. Each strategy addresses a specific area of cybersecurity risk and is designed to work in conjunction with the other strategies.
How do I implement Essential Eight strategies?
Tesserent's New Zealand team provides detailed guidance on how to implement each of the Essential Eight strategies on their website. They recommend starting with the strategy that will provide the most immediate benefit to your organisation.
Are there any additional measures I can take to improve my organisation's cybersecurity posture?
Yes, Tesserent recommends that organisation's implement a range of additional cybersecurity measures to further improve their cybersecurity posture. These measures include regular staff training, regular vulnerability scanning, and incident response planning.
Contact us
Speak with a Tesserent
Security Specialist
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.
