Macro-based phishing isn't the threat it was three years ago. Microsoft changed the defaults and attackers moved on. So why does the Essential 8 still include this control? Because a vendor default and a verified configuration are not the same thing, and the gap between them is where the residual risk lives.
Read MoreMulti Factor Authentication is widely deployed, but often inconsistently implemented. This article explores common MFA gaps including legacy authentication, fatigue attacks, and unsecured infrastructure access, and outlines what effective MFA really looks like in practice.
Read MoreRestricting administrative privileges is a core control within the Essential Eight because privilege escalation is a common step in many attacks. Once attackers gain access to a single system, elevated privileges allow them to move laterally, access sensitive data and disable security controls. This article explores how controlling administrative access reduces the impact of compromise.
Read More
