Strategies to Mitigate Cyber Security Incidents

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to assist organisations in protecting their systems against a range of cyber threats such as:

  • targeted cyber intrusions (advanced persistent threats) and other external adversaries who steal data
  • ransomware and external adversaries who destroy data and prevent computers/networks from functioning
  • malicious insiders who steal data
  • malicious insiders who destroy data and prevent computers/networks from functioning.

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are advised to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a successful large-scale cyber security incident.

The Essential Eight are:

  • application whitelisting – to control the execution of unauthorised software
  • patching applications – to remediate known security vulnerabilities
  • configuring Microsoft Office macro settings – to block untrusted macros
  • application hardening – to protect against vulnerable functionality
  • restricting administrative privileges – to limit powerful access to systems
  • patching operating systems – to remediate known security vulnerabilities
  • multi-factor authentication – to protect against risky activities
  • daily backups – to maintain the availability of critical data.

ACSC's Australian Government Information Security Manual (ISM) provides supporting guidance. ACSC also has separate guidance for mitigating denial-of-service attacks, securely using cloud services and enterprise mobility, including personally-owned computing devices.

Primary Guidance

Essential Eight Explained

Additional Guidance

Mitigation strategies to prevent malware delivery and execution

Mitigation strategies to limit the extent of cyber security incidents

Mitigation strategies to detect cyber security incidents and respond

Contact details

  • Organisations or individuals with questions regarding this advice can contact the ACSC by emailing asd.assist@defence.gov.au or calling 1300 CYBER1 (1300 292 371).

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.
