Looks to partner with MSPs and MSSPs

Aegis Cyber Security has become one of the first Australian companies to be recognised by Dynamic Standards International (DSI) for successfully passing the SMB1001 Diamond certification, said its founder and cyber security strategist Luke Irwin.

Speaking with ARN, he said a few of the reasons behind achieving the standard were to demonstrate its commitment to information security within its own operations and clients, as well as MSP and MSSP firms as a member of SMBiT Professionals.

Irwin said the company pursued this Diamond level of the standard so MSPs and MSSPs can partner with Aegis.

“Our approach to our service delivery means there is no risk of us “stealing” the client as we do not sell hardware or software services, instead Aegis focuses on audit preparation and support (i.e. Platinum and Diamond), vCISO, advisory and strategy advice with all new requirements being passed back to the MSP and MSSP,” he said.

Irwin explained Aegis will also use this as a stepping stone towards ISO27001 as it continues its growth trajectory.

He started the company two years ago with a sole focus on the SMB and mid-market space, highlighting the challenges and costs associated with standards like ISO and SOC 2.

“Most of my clients are sub-100 seats and asking them to go for ISO or SOC 2 or something similar, you see their eyes just go wide in horror when you start talking about ISO, which isn’t hard to attain but it does come with added costs and maintenance,” he said.

Irwin himself comes from a compliance and highly skilled technical background, having previously worked as the enterprise operations manager for the Department of Education in Queensland.

It’s this experience that has provided enough insight to understand what clients are trying to do and how it should be achieved.

Tasks like implementing 2FA and password managers are fairly standard practice, but one area where an SMB may face challenges if it is aiming for the Diamond standard is asset management, Irwin said.

“Asset management needs to be comprehensive,” he said. “It’s more than just having a mobile phone and a laptop. Where is your data? Some of it is in Office 365, SharePoint, CRM and a finance system. You might have a mass mailer and a social media management system. You might have all of these other things that hold your company data and they are an asset that needs to be cataloged.

“How are they backed up? How are they secured? Is there MFA?”

Irwin emphasised the importance of a structured cyber security framework for SMBs, noting that only 12-15 per cent have cyber security insurance, which can be critical in the event of a breach.

“There are some great software products and solutions that can be tailored for small and mid-sized operators that provide a good level of resilience,” he said. “But the challenge is that the Medibank, Optus and Latitude breaches painted Australia as a soft target to threat actors.”

There are certain prerequisites companies are required to meet to qualify for cyber insurance, or premiums will be through the roof, Irwin said.

“I strongly encourage any business to take it up. The odds of recovering from a breach are not high for SMBs because the costs to cover legal, recovery, rebuilding, etc could cost upwards of $300,000. For enterprise businesses that’s a blip on the P&L.”