CSCAU sets the standard for SME cyber maturity


Stuart Mason
Contributor

Small and medium-sized businesses are on the frontline of Australia’s cybersecurity defence. 

Accounting for about 98 per cent of all businesses, SMEs are facing unprecedented cyber threats and pressure to constantly adapt to the ever-evolving threat landscape. 

But these are also the kinds of businesses that often struggle to spare the amount of money required to properly shore up their defences and ensure that all the proper mitigation measures are in place. 

According to Accenture, more than 40 per cent of all cyber-attacks are targeted at SMEs, while the Australian Cyber Security Centre has estimated that nearly half of all Australian SMEs spend less than $500 annually on cybersecurity. 

This is despite other reports recommending that SMEs allocate at least 5 to 10 per cent of their IT budget to cybersecurity. 

Cyber Security Certification Australia co-founders Professor Ryan Ko and Peter Maynard

It’s a challenge for SMEs that will only increase, and one that Cyber Security Certification Australia is looking to address. 

The organisation has developed a flagship new cyber standard for SMEs, dubbed SMB1001, that aims to assist smaller organisations with uplifting their cyber defences and act as a stepping stone to achieving higher-level controls, such as the Australian Signals Directorate’s Essential Eight. 

The multi-tiered cybersecurity standard has five levels that the organisation compares to the belts in martial arts, with the progressive controls helping to move a company from a white belt to a black belt. 

The SMB1001 standard was officially launched in September 2023, with certifications beginning earlier this year. It has been piloted across a number of sectors, including healthcare, real estate, IT services and regional councils. 

Cyber Security Certification Australia is a finalist in the InnovationAus 2024 Awards for Excellence in Cybersecurity.

Cyber Security Certification Australia was founded by Peter Maynard, who has more than 30 years of experience in entrepreneurship and running SMEs, and Ryan Ko, who has 15 years of experience in developing national standards. 

The national standard developed by the pair covers five key areas: technology management, access management, backup and recovery, policies and processes, and education and training. 

Level 1 of the standard requires companies to engage a technical support specialist, install and configure a firewall, implement antivirus software on all company devices and require passwords be changed regularly. 

The standard is updated annually with help from the organisation’s industry steering committee to maintain its relevance to evolving cyber threats around the world. 

The organisation also has an associated entity, CyberCert, which aims to disrupt the current manual process of certifying companies against standards with a new automated self-attestation process. 

It’s crucial that SMEs have adequate cybersecurity measures in place, but many struggle to go straight to introducing all the controls required by national standards that are adopted by larger organisations. 

Cyber Security Certification Australia’s standard provides bespoke controls for SMEs that can help them work up to the more comprehensive national standards such as ISO/IEC 27001. 

The organisation has received funding from the University of Queensland’s Cyber Seed Funding 2022, which it used to extend a pilot of CyberCert. This platform also incorporates generative AI platform Copilot to accelerate code development and improve the user interface. 
