Did you know, almost 50% of Australian businesses do not have a team in place to direct, investigate, and respond to security incidents?

Yasser Elgammal, General Manager of Sales, Dicker Data ANZ

Cybersecurity compliance under scrutiny: Here’s what you need to know!

Cybersecurity is a national priority with 92 percent of Australian businesses expecting a cybersecurity disruption in the next 12-24 months[1]. To combat this, the Australian Government is investing in resilience and intelligence, while over 90 percent of organisations are planning to increase cybersecurity budgets by at least 10 percent[2]. While resources are increasing, a key question remains: whose responsibility is it to act on this burgeoning issue and how can businesses maintain compliance?

Dicker Data addressed this question at our recent Cyber Security Symposium event where the resounding industry response indicated responsibility lies with every person at every level of the business. To be compliant, we all have a role to play, including us, as IT providers. Dicker Data, as a value-added distributor, is working with partners as an extension to their business to ensure we are on the cybersecurity front foot.  

Alarmingly, almost 50 percent of Australian businesses do not have a team in place to direct, investigate, and respond to security incidents[3]. With a critical skills shortage in the local IT sector, this is not surprising. However, as regulatory spotlight on cybersecurity issues increases, this needs to be addressed.

As the industry matures, deploying ad-hoc, disjointed cybersecurity fixes is no longer enough. Organisations need integrated solutions steeped in business needs and focussed on achieving robust, end-to-end security outcomes. Ensuring whole-of-business compliance and cybersecurity is a must. Grounded in years of experience, Dicker Data doesn’t advise or act on cybersecurity in a silo, but leverages our expertise across the entire IT environment to ensure a balanced recommendation backed by the most qualified industry professionals.

With Dicker Data’s expert team based in Australia and New Zealand, we are well placed to partner with you and your customers to progress this security journey. We have the largest team of technical presales resources in the country, which means we not only have the expertise but the capacity to support across a wide range of technologies and vendors to deliver bespoke solutions and outstanding outcomes for your customers.

Know the regulations

Cybersecurity compliance is complex. As local governing bodies continue to develop frameworks and tighten regulations, this area is set to become increasingly important, and the cost of getting it wrong is growing exponentially.

In Australia, there are five key regulations you need to be across, including:

  1. Privacy Act 1988: The Privacy Act governs the handling of personal information by organisations. It sets out obligations for the collection, use, and disclosure of personal information, as well as requirements for data security and breach notification.

  2. Notifiable Data Breaches Scheme (NDB): Under the NDB scheme, organisations covered by the Privacy Act are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in the event of an eligible data breach that is likely to result in serious harm.

  3. Payment Card Industry Data Security Standard (PCI DSS): If an organisation processes credit card payments, they may be subject to PCI DSS requirements. The standard outlines security measures for handling cardholder data and aims to protect against payment card fraud.

  4. Australian Government Information Security Manual (ISM): The ISM provides guidelines and best practices for securing government information and systems. While it primarily applies to government agencies, it can be a valuable resource for private sector organisations as well.

  5. ISO/IEC 27001: Developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27001 is a globally recognised information security management standard. While not specific to Australia, many organisations choose to adopt this as a framework for managing cybersecurity risks.

Beyond legal frameworks, the Australian Cyber Security Centre (ACSC) has also developed the Essential Eight – a best practice set of strategies designed to help organisations defend against common cyber threats. While not mandatory, this is a strong framework to help organisations mature cybersecurity solutions and strengthen compliance.

Recruit the right talent

With a complex array of regulation to understand and enact, it is critical to recruit the right talent who can lead the charge on compliance. This may be recruiting a specialist, upskilling current staff, or partnering with industry experts, like Dicker Data, who can support you and your customer to strengthen cybersecurity credentials.

As the saying goes, the best defence is a strong offence. There are several key certifications to consider when developing a strong cybersecurity team, such as:

  • Certified Information Systems Security Professional (CISSP): CISSP is a globally recognised certification that validates expertise in various domains of information security, including cybersecurity compliance. It covers topics such as security policies, procedures, legal and regulatory considerations, and risk management.

  • Certified Information Security Manager (CISM): CISM is a certification offered by the Information Systems Audit and Control Association (ISACA) and focuses on information security governance and management. It covers areas such as compliance, risk management, and incident response.

  • Certified Information Systems Auditor (CISA): CISA is another certification provided by ISACA, which focuses on auditing, controlling, and assessing information systems and technology. It covers topics such as information system control and security, risk management, and compliance assessment.

  • ISO/IEC 27001 Lead Auditor: This certification validates expertise in auditing information security management systems based on the ISO/IEC 27001 standard. It demonstrates knowledge of compliance requirements and best practices related to information security.

  • Certified Information Privacy Professional (CIPP): CIPP is a certification offered by the International Association of Privacy Professionals (IAPP) and focuses on privacy laws and regulations. It covers topics such as data protection, privacy program management, and compliance frameworks.

  • Tertiary Education: As demand for skilled cybersecurity professionals grows, specialised courses or postgraduate programs in cybersecurity, information assurance, or risk management have become increasingly available. Securing a degree in computer science, information technology, or cybersecurity can provide a solid foundation for managing compliance requirements.

When it comes to managing compliance, knowledge, know-how, and practical experience are key. Cybersecurity is complex, ever-changing, and can be resource intensive. It is important to remember that you are not alone. Whether starting on your journey, expanding your practice, or hunting for a partner to deliver more comprehensive cybersecurity solutions, Dicker Data and its network of world-class vendor partners are here to help.

Enact a Zero Trust Approach

Now you’re across the regulations and have the right team for success, it is time to enact processes designed to ensure robust security and support strict compliance. A Zero Trust Architecture is key to this.

Implementing zero trust network design principles creates a more secure network environment, one that requires authentication and authorisation for each new connection and applies a layered, defence-in-depth approach to security. Zero trust also allows for greater visibility into network activity, trend identification through analytics, issue resolution through automation and orchestration, and more efficient network security governance.

By coupling the most comprehensive range of cybersecurity products with access to the industry's most highly certified sales and technical experts, Dicker Data has created the leading destination for partners looking to scope, design, and deliver best-practice zero trust solutions. We partner with over a dozen leading vendors, including Check Point, Cisco, Microsoft, and Trend Micro, to offer a diverse array of solutions that protect you and your customers from increasingly sophisticated attacks.

Build your cybersecurity practice

When developing a top-notch cybersecurity approach and embedding security into business culture and practices, there isn’t a one-size-fits-all approach. Three key approaches we see across the industry include:

  1. Turnkey: Using vendor solutions to deliver cybersecurity

  2. Hybrid: A mix of vendor solutions coupled with in-house capabilities and services

  3. In-House: A full in-house Security Operations Centre (SOC) with all capabilities managed in-house. This may include leveraging your cybersecurity expertise and credentials to service partners and customers for a fee.

When developing and deciding on the best practice model, the Dicker Data team can be an important resource to draw from. Leveraging our decades of experience, we understand the pros and cons of various approaches, important considerations, and how to develop a unique, customised solution that can serve the needs of your customers now and into the future as the cybersecurity landscape rapidly evolves.

Keeping our finger on the pulse

As cyber risks continue to escalate in volume and sophistication, this issue is capturing the attention of industry and government both in Australia and globally. Locally, we will continue to see regulation tighten and a greater onus on organisations and providers to take responsibility and action.

At Dicker Data, we will be watching carefully for future developments and changes to cybersecurity and data privacy laws, including “The Right to be Forgotten”, which will significantly change the way we access, utilise, and store data. This law has already been legislated in the US and UK, and Australia is expected to follow suit. With far-reaching implications, especially for Big Tech, the Dicker Data team will certainly be keeping our finger on the pulse of these changes.

You are not alone

Cybersecurity is complex and, at times, can seem overwhelming. It is important to remember you are not alone when navigating this evolving landscape. Every member of an organisation has a role to play, and this extends to us as IT providers as well.

As your value-added distribution partner, the Dicker Data team is across the latest in regulatory changes, innovative solutions, and best practice models to partner with you and your customers on the journey. We have the platforms and automation in place to make provisioning and deploying cybersecurity solutions seamless. No matter your level of sophistication in cybersecurity, or how simple or complex the task, Dicker Data is your go-to distributor for cybersecurity solutions.

[1] Cisco Cybersecurity Readiness Index, 2023

[2] Cisco Cybersecurity Readiness Index, 2023

[3] Tech Research Asia

Get in touch with our local, highly certified, and experienced team here.  
