Cybersecurity

Essential Eight security stack: protecting your business at three levels

Most IT providers install antivirus and call it done. That covers one angle. CIO Tech's Security Stack covers three: prevention, detection, and recovery. Built on the ACSC Essential Eight framework, backed by endpoint detection, and protected by immutable backups. Every CIO Tech Assured client gets all three layers, included as standard.

Bella Vista, NSW
Same-day on-site
Published pricing

Essential Eight: the baseline your business needs

The Essential Eight is a set of eight security controls created by the ACSC (Australian Cyber Security Centre). It is the baseline the Australian Government recommends for every organisation. CIO Tech implements five of these controls at Level 1 across every Assured client.

Multi-factor authentication (MFA)

Every login to email, VPN, and admin accounts requires a second verification step. A stolen password alone is not enough to get in.

Patch management

Critical security patches are applied within 48 hours of release. Not when someone gets around to it. Within 48 hours, because by the time a vendor rates a patch critical, working exploits are often already circulating.

Restrict admin privileges

Only the people who need full system access have it. Everyone else works with standard permissions. This limits the damage if any single account is compromised.

Microsoft Office macro controls

Macros are small programs that run inside Word, Excel, and other Office files. They are a common way malware enters a business. We block macros in files that arrived from the internet, disable them for staff who have no business need for them, and lock the settings so users cannot switch them back on.

Application control

Only approved software can run on your devices. If an employee downloads something that is not on the approved list, it does not execute. This applies to scripts and installers as well as ordinary programs, and it blocks ransomware, cryptominers, and other malicious programs before they start.

These five controls address the most common ways Australian businesses get breached. They do not cover every threat. That is why the Security Stack has two more layers.

Endpoint detection that catches what prevention misses

EDR stands for Endpoint Detection and Response. It is software installed on every device in your business that watches for suspicious behaviour in real time. If something acts like ransomware, EDR catches it and isolates the device before it spreads.

Real-time threat detection

EDR monitors every device continuously. It does not wait for a scheduled scan. If a process starts rewriting file after file with encrypted content, the signature behaviour of ransomware, it triggers immediately.

Automatic isolation

When a threat is detected, the infected device is quarantined from the network within seconds. The rest of your business keeps running while we deal with the compromised machine.

24/7 telemetry and alerting

Every device sends security data back to a central dashboard around the clock. If something unusual happens at 2am on a Saturday, the alert fires. It does not wait until Monday.

Forensic investigation

After an incident, EDR provides a full trace of what happened: how the threat got in, what it touched, and how far it spread. You need this for insurance claims and compliance reporting.

Antivirus blocks threats it already has signatures for. EDR flags suspicious behaviour whether or not the malware has been seen before. For a small business, that is the difference between a blocked attack and a full-scale breach.
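As an added example, not CIO Tech code or any vendor's EDR engine, here is the behavioural rule described above in working form: a small detector that consumes constructed file-write telemetry from one workstation, scores each write on two assumed signals (a ransomware-style extension and near-random byte entropy), and returns an isolate verdict plus the list of touched files once one process crosses a threshold inside a sliding window. The event format, the thresholds, the extension list and the process names are assumptions for the example; a production engine uses many more signals.

```python
import math
import random
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


# Assumed telemetry record: one file write as an endpoint agent might report it.
@dataclass(frozen=True)
class FileEvent:
    ts: float        # seconds on a constructed timeline
    host: str
    pid: int
    process: str
    path: str        # path after the write, so the extension is the new one
    data: bytes      # sample of the bytes written


# Thresholds are assumptions for this example, not a vendor's tuning.
WINDOW_SECONDS = 10.0       # sliding window per process
MIN_FILES = 5               # distinct files with ransomware traits inside the window
ENTROPY_THRESHOLD = 7.0     # bits per byte; ciphertext approaches 8.0
SUSPECT_EXTENSIONS = {".locked", ".enc", ".crypt"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; random or encrypted data scores near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(ev: FileEvent) -> bool:
    """Both signals must agree: .docx and .zip are high-entropy but benign."""
    dot = ev.path.rfind(".")
    ext = ev.path[dot:].lower() if dot != -1 else ""
    return ext in SUSPECT_EXTENSIONS and shannon_entropy(ev.data) >= ENTROPY_THRESHOLD


@dataclass
class Verdict:
    host: str
    pid: int
    process: str
    isolate: bool
    trace: List[str] = field(default_factory=list)  # files touched, for the forensic record


class RansomwareDetector:
    """Keeps a per-process window of suspicious writes; fires once per process."""

    def __init__(self) -> None:
        self._windows: Dict[Tuple[str, int], Deque[FileEvent]] = defaultdict(deque)
        self._flagged: set = set()

    def feed(self, ev: FileEvent) -> Optional[Verdict]:
        key = (ev.host, ev.pid)
        win = self._windows[key]
        if looks_encrypted(ev):
            win.append(ev)
        while win and ev.ts - win[0].ts > WINDOW_SECONDS:   # expire old entries
            win.popleft()
        touched = sorted({e.path for e in win})
        if len(touched) >= MIN_FILES and key not in self._flagged:
            self._flagged.add(key)
            return Verdict(ev.host, ev.pid, ev.process, True, touched)
        return None


def detect(events: List[FileEvent]) -> List[Verdict]:
    det = RansomwareDetector()
    verdicts = []
    for ev in sorted(events, key=lambda e: e.ts):
        v = det.feed(ev)
        if v is not None:
            verdicts.append(v)
    return verdicts


def constructed_telemetry() -> List[FileEvent]:
    """Constructed sample: one benign editor, one backup agent, one ransomware process."""
    rng = random.Random(1234)

    def noise() -> bytes:                       # stands in for ciphertext or compressed data
        return bytes(rng.getrandbits(8) for _ in range(2048))

    docs = "C:\\Users\\amy\\Documents\\"
    events = []
    for i in range(6):                          # Word saving .docx: high entropy, normal extension
        events.append(FileEvent(100.0 + i, "ws-07", 4120, "WINWORD.EXE", f"{docs}report{i}.docx", noise()))
    for i in range(2):                          # backup agent writing two encrypted archives: below MIN_FILES
        events.append(FileEvent(110.0 + i, "ws-07", 988, "backup-agent.exe", f"D:\\Backup\\set{i}.enc", noise()))
    for i in range(6):                          # ransomware: six files rewritten as .locked ciphertext in 3 s
        events.append(FileEvent(120.0 + i * 0.5, "ws-07", 7731, "invoice_viewer.exe", f"{docs}report{i}.docx.locked", noise()))
    return events


def run_demo() -> List[Verdict]:
    return detect(constructed_telemetry())


if __name__ == "__main__":
    for v in run_demo():
        print(f"ISOLATE {v.host}: pid {v.pid} ({v.process}) encrypted {len(v.trace)} files: {v.trace}")
```

Two design points carry over to real tooling. Requiring both signals keeps compressed formats such as .docx and .zip, which are also high-entropy, from tripping the rule, and the per-process window means a legitimate backup agent writing a couple of encrypted archives stays below the threshold while a process rewriting five documents in three seconds does not. The verdict carries the touched paths so the isolate decision and the forensic trace come from the same record.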

Backups that ransomware cannot touch

Most businesses have some kind of backup. The question is whether it would actually work when you need it, and whether ransomware could delete it before you get the chance to restore. CIO Tech uses the 3-2-1 backup strategy with immutable storage.

3 copies of your data

Three separate copies at all times. If one fails, two remain. If two fail, one remains.

2 different storage types

Local disk and cloud storage, for example. This protects against a failure that takes out one type of storage entirely.

1 copy offsite

At least one copy in a physically separate location. Fire, flood, theft: the offsite copy survives.

Immutable storage

Immutable means the backup cannot be changed or deleted while its retention lock is in force. Not by ransomware, not by a compromised admin account, not by anyone. Once written, it stays locked until the retention period you set has run out, so that period needs to be longer than the time it could take to notice a breach. This is the feature that separates a real backup from one that ransomware erases on the way in.

Monthly restore testing

A backup you have never tested is a backup you cannot trust. We run recovery drills and restore tests every month to verify that your data can actually be recovered.
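As an added example (not CIO Tech's tooling), here are the three 3-2-1 rules and the two caveats above as a checker over a constructed backup inventory: it demands three copies, two media types and an offsite copy, treats a copy as immutable only if its lock still has at least 30 days to run, wants at least one copy that is both offsite and immutable, and flags any copy not restore-tested in the last 31 days. The inventory record, the 30-day and 31-day figures, the copy names and the reference date are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


# Assumed inventory record: one backup copy as a backup platform might describe it.
@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                          # e.g. "disk", "object_storage", "tape"
    offsite: bool
    immutable_until: Optional[date]     # None: mutable, so anyone with the right credentials can delete it
    last_restore_test: Optional[date]   # None: never tested


# Policy values are assumptions for the example.
MIN_LOCK_DAYS_REMAINING = 30    # the lock must outlast the time it may take to notice a breach
MAX_RESTORE_TEST_AGE_DAYS = 31  # monthly restore drills


def locked_on(copy: BackupCopy, today: date) -> bool:
    """A lock that expires next week is not protection; require headroom."""
    if copy.immutable_until is None:
        return False
    return (copy.immutable_until - today).days >= MIN_LOCK_DAYS_REMAINING


def audit(copies: List[BackupCopy], today: date) -> List[str]:
    """Return human-readable findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; 3-2-1 needs three")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"all copies share one media type ({', '.join(sorted(media)) or 'none'})")
    if not any(c.offsite for c in copies):
        findings.append("no copy is offsite")
    locked = [c for c in copies if locked_on(c, today)]
    if not locked:
        findings.append(f"no copy is immutable for at least {MIN_LOCK_DAYS_REMAINING} more days")
    elif not any(c.offsite for c in locked):
        findings.append("no copy is both offsite and immutable; a site loss plus ransomware leaves nothing")
    for c in copies:
        if c.last_restore_test is None:
            findings.append(f"{c.name}: never restore-tested")
        elif (today - c.last_restore_test).days > MAX_RESTORE_TEST_AGE_DAYS:
            findings.append(f"{c.name}: last restore test {(today - c.last_restore_test).days} days ago")
    return findings


TODAY = date(2024, 6, 3)   # constructed reference date


def good_inventory() -> List[BackupCopy]:
    return [
        BackupCopy("onsite-nas", "disk", False, None, date(2024, 5, 20)),
        BackupCopy("cloud-objectlock", "object_storage", True, date(2024, 9, 1), date(2024, 5, 21)),
        BackupCopy("offsite-tape", "tape", True, date(2025, 6, 1), date(2024, 5, 10)),
    ]


def weak_inventory() -> List[BackupCopy]:
    """Looks like 3-2-1 on paper: three copies, two media types, one offsite, one 'immutable'."""
    return [
        BackupCopy("onsite-nas", "disk", False, None, date(2024, 5, 20)),
        BackupCopy("usb-drive", "disk", False, None, None),
        BackupCopy("cloud-objectlock", "object_storage", True, date(2024, 6, 10), date(2023, 12, 1)),
    ]


if __name__ == "__main__":
    for label, inv in (("good", good_inventory()), ("weak", weak_inventory())):
        print(label, audit(inv, TODAY) or ["pass"])
```

The weak inventory is the instructive one: it passes the headline counts, yet its only locked copy has a week of retention left and has not been restore-tested in six months, which is exactly the backup that looks fine until the day it is needed.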

Prevention. Detection. Recovery. They work together.

No single layer is enough on its own. Essential Eight controls prevent the most common attacks from getting through. But no prevention is perfect, so EDR detects the threats that slip past. And if something does get through both layers, immutable backups mean your data is recoverable.

Take ransomware as the example. Essential Eight blocks the most common delivery methods: malicious macros, unpatched software, compromised admin accounts. If a new variant gets through, EDR detects the encryption behaviour and isolates the device. And if somehow it spreads before EDR catches it, your immutable backups let you restore everything without paying a ransom.

That is three chances to stop the same attack. Most businesses are running on zero.

Layer 1: Essential Eight. Prevents common attack entry points.

Layer 2: EDR. Detects threats that bypass prevention.

Layer 3: Immutable backups. Recovers data if both layers are breached.

Every CIO Tech Assured plan (Essentials, Business, and Dedicated) includes the full Security Stack. This is not a premium add-on. It is the standard.

Questions we hear from business owners

What is the Essential Eight?

The Essential Eight is a set of eight cybersecurity strategies published by the ACSC. It is the Australian Government’s recommended baseline for protecting organisations from the most common cyber threats. The strategies cover patching, access control, application management, and backups. CIO Tech implements five of these at Maturity Level One, the level the ACSC pitches at opportunistic attackers using widely available commodity tools, and the level most small and mid-size businesses target first.

Do I need EDR if I already have antivirus?

Traditional antivirus works by matching files against a list of known threats. If the threat is new, or repackaged so its signature no longer matches, antivirus misses it. EDR watches for suspicious behaviour, like a program trying to encrypt your files, regardless of whether it has been seen before. EDR sits as the layer above antivirus, working alongside it.

What makes a backup immutable?

An immutable backup cannot be altered, overwritten, or deleted after it is created, for as long as its retention lock runs. Not by ransomware, not by a compromised user account, not by anyone. Standard backups can be encrypted or deleted by the same ransomware that hits your main systems. Immutable backups are locked once written, so they remain available for recovery no matter what happens to the rest of your environment.

Is the Security Stack enough for cyber insurance?

CIO Tech’s Security Stack addresses the controls that most Australian cyber insurers look for: MFA, endpoint detection, regular patching, restricted admin access, and tested backups. Many of our clients find that having these controls in place streamlines their insurance application and renewal. We cannot guarantee any specific insurance outcome (that is between you and your insurer), but the Security Stack puts you in a strong position.

Ready to get your IT sorted?

Start with a 90-day IT Audit to see exactly where you stand. Or take our free maturity assessment for a quick snapshot.