Cyber security standard for small businesses gets first update

Cyber Security Certification Australia (CSCAU) has released the first update to its dynamic cyber security certification standard, SMB1001:2025, designed to protect small and medium-sized businesses (SMBs) against evolving threats.

SMB1001, launched in 2023, is a multi-tiered certification standard created specifically for SMBs.

It aims to help smaller enterprises safeguard their cyber supply chain and respond to the latest threats, an area where they often lack resources and expertise.

"We can't have a set-and-forget approach to cyber security standards," Peter Maynard, CSCAU co-founder and chief executive, said.

"The cyber security landscape is evolving constantly and updating the certification standard annually is critical so businesses can certify, or 'vaccinate', against the latest threats," he added.

The updated standard, to be published on 1 September 2024, includes five main changes.

One key addition encourages SMBs certifying to higher levels to enable remote desktop protocol only over virtual private network connections, reducing risks of unauthorised access and data breaches.

"Our streamlined process allows us to publish updated standards each year and be responsive to emerging threats," Professor Ryan Ko, CSCAU co-founder, said.

"By comparison, traditional standards development is relatively slow and can take close to three years at a national level and almost six years for international standards," Ko added.

SMB1001:2025 aligns with multiple international standards, including the Australian Cyber Security Centre's Essential Eight, UK Cyber Essentials, and the US Department of Defense's Cybersecurity Maturity Model Certification.

The need for such a standard is clear, with the Australian Cyber Security Centre reporting that 62 per cent of SMBs have experienced a cyber security incident.

Many face barriers in implementing good practices due to limited resources and expertise.

This annual update process for SMB1001 represents a shift towards more responsive and adaptive cyber security standards, potentially setting a new benchmark for how the industry addresses rapidly evolving digital threats.

Earlier this month, security vendor Huntress said it would work with CSCAU on the standard and certifications for it, with Bronze, Silver, Gold, Platinum and Diamond level tiers.

Copyright © nextmedia Pty Ltd. All rights reserved.