Cybersecurity and cybercrime have continued their near-exponential growth. There’s increased focus and thought being put towards cybersecurity in both commercial and government sectors.
In August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020. Amongst various plans and commitments to invest heavily in cybersecurity over the next 10 years, there were calls for action to be taken by businesses to secure their products and services and protect their customers from known cyber vulnerabilities.
Detailed in these calls to action was a reference to possible regulation for IT practitioners as well as the possibility of imposing liabilities to company directors who fail to adequately protect their products, services and customers from cyber threats.
Cybersecurity is emerging as a major threat to the global economy and governments alike. It’s not unreasonable to assume that it is only a matter of time before cybersecurity becomes a director obligation alongside workplace safety.
The Move Has Already Begun
Unsurprising, the finance & insurance sectors have already begun taking security compliance very seriously. For the last several years, businesses working in and around these sectors have been increasingly asked to prove compliance with various aspects of information management, security and procedures.
More recently, these levels of compliance have become a prerequisite for doing business. In many cases, tenders and contracts are only being awarded to companies that have ISO 27001 accreditation.
Undoubtedly, these requirements are going to trickle down the supply chain. At some point accreditation is likely to be a business necessity even without government regulation.
Understanding Information Security Standards
There are several frameworks that deal with information security. Certain frameworks tend to be more common in different countries around the world. Australia appears to be largely settling on ISO 27001 as the standard.
Despite the differences, all frameworks are essentially a blueprint for building an information security program to manage risk and reduce vulnerabilities. These consist of the policies and procedures required to effectively operate and manage information security. In layman’s terms, there are the activities that need to be done (tasks), how they need to be done (procedures), and the governance that needs to oversee the procedures and adjust them as necessary.
Preparing For The Future
In most cases it is not yet commercially viable for an SMB to chase accreditation. The challenge however is that when that changes, it is not something that can simply be built in a quarter. Rather, there are layers that need to be built and built upon.
There are however elements of a framework such as ISO 27001 that should be adopted now regardless of regulations. It is these activities, procedures & governance that SMB’s should be implementing now in alignment with ISO 27001 in preparation for the future. In the event that accreditation does becomes requirement, you would already be 70% of the way there.
Some of these key elements include:
- Having documented security standards & best practices.
- Processes to regularly review these security standards and the ability to adapt them to meet ever-evolving cyber threats.
- Procedures for consistently implementing security standards.
- Procedures for regularly auditing systems against the standards to uncover gaps and misalignments with configurations.
With cyber threats consistently evolving to use ever more sophisticated approaches of attack the above elements are crucial if you want to be serious about cyber security. Put simply it has become a high-paced arms race.
Just like a true arms race, your strength today means little without the capability to keep up with the other sides developments. Similarly, the best virus protection, firewalls and SPAM filtering will ultimately become irrelevant without the capability to constantly adapt to emerging threats.
Security Practice within a Mid-Market Business
Implementing a cyber security practice can be expensive. It’s something that should be integrated into existing IT support and maintenance. For this reason, IT Solutions Providers need to step up and meet the growing needs in mid-market businesses.
Unfortunately, most providers have long been poor at observing the changing needs of mid-market businesses. This has also meant they have been slow to evolve their technical offerings. Many mid-market businesses are finding themselves in a position where they can no longer wait for their provider to proactively initiate change.
There is no one-size-fits-all all. You need an IT offering that meets your required level of protection. In 2024, there are however some basics that should be in place:
- Security should be a topic of conversation with your provider at least quarterly. Providers are not security-focused if they do not have regular recommendations and advice.
- Managed Anti-Virus is no longer enough. Your security technology should cover multiple threat vectors and include unified threat management, MFA, DNS filtering, and up to date security policies as a minimum.
It is easy to overspend on cyber security. It is even easier to be complacent (see IT Security: Why Most Get It Wrong). Ultimately keeping a mid-market business secure from cyber threats requires good process and the right relationship. Without it you are not only insecure now, but you’re failing to prepare for the inevitable future.
Conclusion
If you are looking for a company that provides cybersecurity solutions for mid-market businesses in Melbourne, look no further than Premier Technology Solutions. We are the Technology Success Partner for progressive businesses that see technology as an enabler for growth. Premier Tech has redefined what it truly means to support and add value to businesses. We’re your strategic allies in building a resilient cyber security posture. From advanced threat navigation to customised vulnerability assessments, we ensure your defences are robust and responsive, guarding you against the unforeseen.
Contact us today and let us help guard against the unforeseen through robust and responsive cybersecurity defences.