ARE YOU CYBER READY?
The journey to compliance is complex.
Our pragmatic approach will help you get there.
Let’s start with a cyber assessment to understand your current maturity and vulnerabilities, and develop a plan to get you to Essential 8 compliance.
Is your business safe from cyber threats?
Portal Technology is uniquely placed in the NT with local staff in Darwin, Katherine and Alice Springs.
We have government certified auditors and solutions to protect your business.
Start with a cyber assessment to understand your current maturity and vulnerabilities.
We work with your team to put the project plan in place.
Review and audit of the project plan ensures that nothing is missed.
We develop a plan to get you to Essential 8 compliance, then lay out the next steps to go to RFFR or DISP.
Continual and ongoing support is required to maintain any level of compliance.
Why is security becoming such an important issue?
Over the past couple of years the threat from cyber-attacks has increased exponentially. A new report from the Australian Cyber Security Centre paints a grim picture of the rapidly increasing threat. National security agencies receive one report of cyber-crime almost every 10 minutes. Australians lost $634 million to scams in 2019 alone and cybercrime is estimated to cost the national economy up to $29 billion each year.
The federal government warned in June that a wide range of political and private sector organisations were coming under cyber-attack from a “sophisticated state-based cyber actor”.
The government did not say which state was responsible, but security experts believe China, Russia and North Korea are the most likely culprits.
The effect of COVID has also increased malicious cyber activity: more people are working remotely, and there is less opportunity for traditional criminal activity, with fewer people on the streets and a higher visible presence of police enforcing social distancing behaviour. With less traditional opportunity, organised cyber activity has increased, with local threats rivalling threats from traditional international actors.
This increase in activity means that regardless of your business size you are at risk of attack.
The most common threats are quite simple but can have a catastrophic impact on your business. Simple phishing emails are designed to obtain basic information that will allow a perpetrator to access your network. Once they get to your data, they can encrypt it and charge you money to unlock it, or steal it and sell it.
The Australian Cyber Security Centre (ACSC) has developed prioritised strategies to mitigate cyber security incidents. These are used to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.
So what is it?
The Essential Eight outlines a minimum set of preventative measures that organisations need to implement to protect themselves against various cyber threats. There are additional measures within this maturity model spread across three levels (1/2/3).
Where its environment warrants it, an organisation needs to use a risk-based approach to select the maturity level that it needs to target.
The Essential Eight measures are:
Restrict administrative privileges to operating systems and applications based on user duties.
Application control to prevent execution of unapproved/malicious programs.
Patch applications to ensure that all software/applications are updated with the latest security patches.
Patch operating systems to ensure that all operating systems are updated with the latest security patches.
Multi-factor authentication adds a second requirement at log in: not just a password, but also a code or application authorisation from a secure authentication application.
Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros in trusted locations.
User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office.
Daily backups of important new/changed data, software and configuration settings, stored off your network, retained for at least three months.
The Essential Eight Maturity Model, first published in June 2017 and updated regularly, supports the implementation of the Essential Eight. It is based on the ACSC’s experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement the Essential Eight.
The DISP, managed by the Defence Industry Security Office (DISO), supports Australian businesses to understand and meet their security obligations when engaging in Defence projects, contracts and tenders.
It is essentially security vetting for Australian businesses.
The DISP:
Helps you to get the right security requirements when delivering Defence contracts and tenders.
Gives you access to Defence security advice and support services.
Helps you better understand and manage security risks across your business.
Provides confidence and assurance to Defence and other government entities (either Australian or foreign) when procuring goods and services from industry members.
DISP membership is open to any Australian business looking to become part of the Defence industry supply chain.
In some instances, depending on the type of work you undertake with Defence or any contractual requirements, DISP membership will be mandated.
The Department of Employment and Workplace Relations is responsible for protecting information and data collected and stored in the administration of its programs.
When programs are delivered with the assistance of external providers, the IT systems that interact with the Department’s IT systems need to meet and comply with certain requirements in relation to IT security.
The Department’s Right Fit For Risk Accreditation signifies that a provider or external IT system has met these requirements.
The RFFR requires providers to complete a set of milestones and check in with the Department for progress to be reviewed, risk assessed and to seek guidance on meeting the Department’s requirements.
The milestones are designed to allow providers to assess their organisation’s level of cyber security measures in place and implement any improvements identified.
This is done at the same time as gaining a customised Information Services Management System (ISMS) in their business that conforms with ISO 27001.
Once the Provider has demonstrated that risks to systems and government information are low after completing the final milestone, the Department will provide the required accreditation.
Portal Technology is uniquely placed in the NT with government certified auditors and solutions to protect your business.
Portal Technology provides all infrastructure, software and services that you will need to become and stay compliant.
Portal Technology is one of the longest serving ICT companies in the Territory and has been helping clients with all their ICT requirements since 2000.