SMB1001 2026 update focuses on email-based attacks, threat detection

By Jason Pollock on Oct 23, 2025 4:39PM
Dynamic Standards International (DSI) has updated the Australian-born SMB1001 small business cybersecurity standard, introducing new controls to combat the rise in email-based attacks and to improve threat detection.

The release of SMB1001:2026 reflects the standard's annual update cycle, which is intended to address the current threat landscape.

The SMB1001:2026 update includes six significant changes compared to the previous (2025) version, beginning with new controls for email authentication to fight email fraud, phishing and brand impersonation.

The standard now mandates the implementation of email authentication protocols, specifically DMARC (Domain-based Message Authentication, Reporting, and Conformance), along with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

The standard has also introduced controls for Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services.

The requirement for cyber awareness training has been moved into the Bronze (entry-level) tier, aiming to make foundational security education a 'day one' priority. The update strengthens the entry point for minimal cyber hygiene by ensuring the 'human firewall' is addressed immediately, rather than at a later maturity stage.

A new control has been added requiring organisations to develop and implement a formal policy for the acceptable and secure use of Artificial Intelligence (AI).

DSI said this is a direct response to the growth of generative AI tools in the workplace and addresses the "urgent, real-world risks of data leakage, intellectual property loss, and privacy breaches", intending to provide guardrails for SMBs.

The 2026 update also addresses practitioner-raised issues, such as clarifying guidance on modern password hygiene, as well as providing clearer and more detailed guidance on its definition of an SMB.

DSI continues to map the SMB1001:2026 controls against other major international frameworks and has released both a Detailed Standards Mappings report and a Standards Analysis report.

The former provides a cross-reference of controls from a number of cybersecurity standards and frameworks mapped to the SMB1001 standard, and is designed to help organisations understand how SMB1001 aligns with other widely adopted standards. The latter evaluates the best security standards for organisations, covering applicability, cost, complexity, and suitability for SMBs across different industries and regulatory requirements.

Copyright © nextmedia Pty Ltd. All rights reserved.