Essential 8 Framework, Backup Environment, and Recovery Readiness
The Essential 8 is a mitigation strategy model developed by the Australian Cyber Security Centre (ACSC) to help businesses implement baseline protection mechanisms for their IT systems.
The framework is built around 8 main areas:
- Application Control
- Patch Applications
- Configure Microsoft Office Macro Settings
- User Application Hardening
- Restrict Administrative Privileges
- Patch Operating Systems
- Multi-Factor Authentication
- Regular Backups
In addition to these strategies, the ACSC has introduced four maturity models ranging from 0 to 3 designed as stepping stones for companies to increase their security postures.
Ideally, these 8 areas need to be worked on in parallel in order to achieve the best results. Overlooking even one of these areas can result in adversaries breaching your defences and cancelling all your efforts across the rest of the framework.
Essential number 8 – Regular backups
The 8th and last item on the Essential 8 list is still an often overlooked area. Unfortunately, for many organisations, when it comes to the implementation of cyber security measures, backups remain an area that tends to suffer from budget cuts and/or a lack of expert in-house skills.
The reality is that cyber attackers don’t consider anything off-limits anymore and go after any opportunity. If they are out to get you, chances are they will end up getting in, and you need your backup to be there as your last line of defence.
That is why performing regular and effective backups is crucial to maintain critical and sensitive data availability and ensure that information can be accessed following a cybersecurity incident. Not only do you need to have your data backed up regularly, but you also need to have a backup environment that is secure and ready for disaster recovery.
That's where a lot organisations tend to overestimate their capabilities.
Assessing your backup environment
Each backup vendor has specific guidelines and best practices, and environments must be assessed accordingly. The Essential 8 is a good starting point, but even maturity level 3 is a bare minimum if you are serious about the security and availability of your data. if you are serious about protecting your data and putting a disaster recovery and business continuity plan in place, you need to go further than that.
Some examples of things to consider are privileged and unprivileged accounts, multi-factor controls to delete backups, immutability in backups, air gapping, removing Windows-based OS from controls, or what ports are allowed.
Here are a few examples of how you should assess your backup environment.
Hackers are now more sophisticated and experienced with their enterprise environment attacks and your data protection environment is now becoming their initial target and they have been executing increasing ransomware attacks and completing targeted campaigns on backup environments.
A robust backup security assessment will take into consideration:
- Disaster recovery options: ensuring your company has a plan and is following best practice processes.
- Monitoring of your environment and identification of abnormal activity
- Immutability of storage
- Prevention of brute force attacks and bad actors
- Good security practices, operations, and processes
When it comes to the stability of your backup environment, it is not only crucial for ensuring good security and operational efficiency, but it also plays a significant role in maintaining the overall resilience of your organisation.
A proper backup health assessment looks at the stability, reliability, and capacity of your backup environment and compares it to your organisation's data loss appetite and RTO and RPO targets to establish the frequency at which backups should be performed, ensuring that critical data is protected and available for recovery.
Being recovery ready means having the assurance and capability to swiftly restore both data and systems in the face of a cyberattack or disaster, guaranteeing minimal downtime and disruption to business operations. This entails implementing extensive measures and strategies to safeguard, backup, and rapidly recover data across a wide range of platforms and environments.
A recovery readiness assessment should look at:
- Your business requirements
- Your current recovery capabilities
- Your disaster recovery playbooks across critical applications
- Third-party sensitive data across workloads
Now. while that isn't directly linked to strengthening your security posture, assessing the optimisation of your storage and making sure you are getting the most out of your dollars could free up some valuable cash that could be further invested towards better security measures.
If you have any questions about your backup environment or would like to discuss the best approach to meeting Essential 8 requirements, get in touch!