Aegis Cybersecurity obtains Dynamic Standards International SMB1001 Diamond certification
Brisbane-based cybersecurity provider hopes to open more doors with this accreditation.
Cybersecurity provider Aegis Cybersecurity has recently obtained the Dynamic Standards International SMB1001 diamond certification.
Aegis Cybersecurity is a Brisbane-based, independent agency that specialises in the delivery of cybersecurity services.
Speaking to CRN Australia, Luke Irwin, principal consultant at Aegis Cybersecurity said one of the reasons he obtained the accreditation was to open the door for more clients.
“I'm using it to try and drive more business to myself, support the MSPs I work with, but also demonstrate that this is somewhere to start. The harms that cyber causes are insane and if we can do a little bit more to make that go away, then that's a good thing.”
Irwin explained that organisations have an ethical responsibility to maintain their client's data, but the challenge is convincing organisations to be cyber secure.
"Make them realise, one that's it is a financial benefit for them to be secure as well as demonstrating to their clients that I'm going to protect your data,” he said.
Irwin takes the security of his clients so seriously that he has fired vendors for not being secure.
"I’ve asked them basic security questions, they did not come back with, in one case, any answer, but in two other cases, inadequate answers,” he said.
“I terminated the engagement and found providers who could meet those requirements. I wasn't asking for anything hard or complex, but just an example of what they were doing.”
According to Dynamic Standards, the SMB1001 accreditation provides organisations – particularly SMBs – guidance for developing their cybersecurity hygiene.
Meeting the highest tier of SMB1001 indicates that an organisation has implemented good cybersecurity measures.
Irwin said he likes the way the standard is written as it is “well suited” for the SMB and SME market and the language people are using.
“It has a good structured pathway to improve security in a standardised and simple manner without being as complex as say ISO27001, which is good, but it has its own challenges and associated costs that come with it,” he explained.
Obtaining the Diamond certification, Irwin said it is a good practical starting point.
“It’s in a better position in some areas than say the Essential Eight because the Essential Eight is fantastic if you are running equipment in your own data centres on your own hosts and running your own virtual machines. But the moment you start talking in a cloud-centric configuration it loses some of its capability and strength.
“It's highly prescriptive of ‘you shall, you must’ versus I found the SMB it's still got that, but you have to adopt essentially a best of breed approach to address the requirements it's looking to achieve.”
Irwin explained the way in which the certification is written means an organisation cannot take one of to the platinum or diamond tier unless they also hold that certification.
“With that in mind, I partner with MSPs, I'll do this so I can get to that level, and I can work with them so they don't need to get themselves to the platinum or diamond tier and I can basically support them in that journey,” he ended.