How Essential Eight ML 2 Dramatically Reduces Adversary Success

Introduction:

For many Australian organisations, the Australian Cyber Security Centre (ACSC) Essential Eight is the baseline for cyber resilience. While Maturity Level 1 (ML1) reduces exposure to opportunistic threats, it’s Maturity Level 2 (ML2) where security posture meaningfully shifts — and adversary success rates drop sharply.

ML2 is designed to defend against more capable, well-resourced adversaries who actively target environments, rather than simply scanning for easy wins.

Here’s how achieving Essential Eight ML2 materially lowers risk.

1. It Closes the “Initial Access” Gap

Most breaches begin with phishing, malicious attachments, or exploitation of unpatched software. At ML2:

  • Microsoft Office macros in files originating from the internet are blocked by default

  • Only approved applications can execute (stronger application control enforcement)

  • Exploitation mitigations are consistently configured

  • Operating systems and applications are patched within defined timeframes

This dramatically reduces the attacker’s ability to gain code execution through common vectors.

Instead of relying on a user clicking “Enable Content,” adversaries must now bypass hardened controls — increasing cost, complexity, and likelihood of detection.

2. It Reduces Privilege Abuse and Lateral Movement

Once attackers gain a foothold, their next objective is escalation and movement. ML2 significantly disrupts this phase.

At ML2:

  • Administrative privileges are tightly restricted

  • Admin accounts are separated from standard user accounts

  • Privileged access is limited to specific systems

  • Multi-factor authentication is enforced for internet-facing services

This reduces attackers’ ability to harvest cached credentials, escalate privileges, or pivot across systems.

With fewer standing administrative privileges and stronger identity controls, attackers lose the speed advantage that often turns a small breach into a domain-wide compromise.

3. It Shrinks the Ransomware Blast Radius

Ransomware operators rely on three things: execution, privilege, and recovery leverage.

ML2 directly disrupts all three:

  • Application control reduces execution of unknown binaries

  • Patch management limits exploitation of known vulnerabilities

  • Backups are regularly tested and protected from modification

  • Privilege restrictions slow or prevent widespread encryption

The result? Even if an adversary gains access, they face friction at every stage of the attack lifecycle.

Instead of rapid domain-wide encryption, they encounter segmented access, reduced permissions, and monitored behaviour — increasing the chance of detection before catastrophic impact.

The Risk Reduction Impact of ML2

Reaching Essential Eight ML2 does not eliminate risk. But it meaningfully lowers exposure to:

  • Phishing-delivered malware

  • Commodity ransomware campaigns

  • Exploitation of unpatched vulnerabilities

  • Credential harvesting and privilege escalation

  • Lateral movement across flat networks

  • Rapid, enterprise-wide encryption events

In practical terms, ML2 transforms an organisation from a “low-effort” target into a hardened environment that requires significant adversary capability to compromise.

For most Australian businesses, ML2 represents the tipping point between reactive cybersecurity and proactive resilience.

Achieving ML2 is not just a compliance milestone — it is a measurable reduction in the probability and impact of compromise.

And in today’s threat environment, that reduction in adversary success rate is what truly matters.
