Regular Backups - ACSC's Essential Eight mitigation strategy

"Hi, my name is Michael, and I'm a Cyber Security Consultant here at AC3.

In this video, I'll be covering the mitigation strategy of regular backups of an organisation's data assets. Having regular backups is the last line of defence for an organisation that falls victim to a cyber attack. All too often, backups haven't been made or are themselves compromised in an attack, leaving organisations without any means of restoring operations.

This is one of the simpler strategies of the Essential Eight and across all maturity levels, backups of important data, software, and configuration settings should be performed and retained in a coordinated and resilient manner in accordance with your organisation's business continuity requirements, and restoration should be tested as part of disaster recovery exercises.

The primary difference between Maturity Level One and Maturity Level Three is who has access to backups. At lower maturity levels, users can have read only access to their own backup data, but are prevented from modifying the backup in any way. At this maturity level, all privileged accounts can have access to modify and delete backups.

At Maturity Level Two, only specific backup administrators have access to modify or delete backups.

At Maturity Level Three, only a specific ‘break-glass’ account have access to modify and delete backups.

This progression of restrictions on backup data is designed to reflect the protection an organisation might have from an adversary who will often seek to disable backups before executing their main attack.

If you would like guidance on which maturity level is right for your organisation, and how effective your current mitigation strategy is, please reach out to the team. We'd love to help."

AC3's Essential Eight Security Control Assessment can benchmark your current strategies against the ACSC's Essential Eight maturity models. Find out more here.