News

How to remain compliant under Security Legislation Amendment Bill…

  • February 3, 2022
  • by Andre Merwe

The recent passing of the Security Legislation Amendment Bill in November 2021 is a clear signal for Australian organisations to take cybersecurity far more seriously – with heavy consequences if they don’t.

As the number of cyber-attacks is increasing every day, critical organisations and systems around the world are already being jeopardised – by both private and state-sponsored threat actors.

With eleven sectors being newly classified as critical infrastructure, many organisations are scrambling to understand how to comply with the rigorous new measures.

So how can organisations remain compliant under the new Bill and how can they ensure that they themselves won’t fall victim to an attack?

Non-compliance leads to disaster

Whilst a year has passed since the Bill was first introduced, many organisations have understandably not yet taken any actions to improve their security responses.

Unfortunately, it is currently far too easy for hackers to successfully target organisations of all shapes and sizes, and this Bill is the wake-up call that many need.

Failure to comply with the Bill can have disastrous consequences:

Vulnerable to breaches

First and foremost, organisations will remain under threat of attack from hackers. Whilst cybercrime may seem like an unlikely occurrence, it has already happened to multiple entities within the Federal Parliamentary Network, in addition to other critical organisations such as medical research facilities and grocery transporters.

Each time a breach occurs, businesses face severe losses in profit, time, and reputation. A serious enough breach can put an entire organisation out of business.

Unable to protect critical assets

While organisations are vulnerable to breaches, many don’t have the infrastructure in place to recognise when they’ve been compromised – which means it’s impossible for them to act quickly or protect key assets.

Without the ability to respond to an attack, critical data and assets can be stolen in minutes, not to mention other, far more sinister consequences.

Putting the lives of civilians in danger

Unfortunately, breaches have put the lives and information of thousands of civilians at risk.

A spate of highly-publicised attacks on the US water supply has recently occurred – including an attempt to poison the water supply of the entire Bay Area in San Francisco.

More locally, multiple government health agencies have been breached in order to steal the health data of Australian citizens.

Regulatory response from the government

In addition to losing critical data and putting the lives of civilians in danger, organisations also face heavy penalties for non-compliance. With fines of up to $110,000 as well as a 2-year prison sentence, it’s clear that complying with this Bill is crucial to the safety of everyone involved.

Adopting the right mindset is key to success

Organisations will need to adopt a new mindset when it comes to complying, as those with a simple checklist mentality will remain more vulnerable than their counterparts that choose to build an agile and responsive culture around risk awareness.

When it comes to cybersecurity, organisations are only as strong as their weakest link. Threat actors are incredibly efficient at finding shortcomings and exploiting them, and it’s imperative that organisations can improve all aspects of their security.

We must get the basics right, and we must focus on ultimately stepping through a maturity curve development around our abilities to respond to security threats.

Andre van der Merwe, IRM Practice Director APJ

Starting your journey to compliance

There are multiple steps that organisations need to take if they want to become compliant and protect against attacks.

Acknowledge the problem

The first step is to acknowledge the problem – the moment that it is acknowledged, organisations can start to work on how to address it.

Ultimately, this is going to be a journey that will require investment across the entire organisation – from the budget capability to change management and new process development. Organisations must look at this end-to-end and recognise that it’s going to be a maturity journey that can take several years.

Build your plan

It’s vital to put together a view of the current state of the organisation’s security and defences to be able to compare it to the minimum requirements needed. This will give you the ability to build a strategy and action plan.

This plan will drive your budget decisions which in turn will drive the hiring decisions, which drive the processes and capabilities that you must focus on building.

Work with a partner

Many organisations may not have the capability to build a plan or put it into action for several reasons, whether it’s a lack of people, knowledge, or experience. Undertaking such a massive and long-term project will require support from a partner that can help.

When it comes to finding the right partner, organisations should look for:

  • Practical industry experience – a key differentiator between risk management firms is the experience of their people. Whilst an understanding of the industry is great, having practical experience putting measures in place is key to aligning outcomes to the business; and
  • An agile platform for risk management – without the right technology or platform, organisations can’t put the proper measures in place to proactively defend against threats. You should look for a partner that utilises a modern and agile platform to manage risk awareness and compliance.

The positive effects of enhanced security and defences

Putting into place new policies and measures to become compliant under the new Bill will benefit your organisation (and the Commonwealth) as a whole:

Avoid the deep cost of an attack

Critical data being compromised now carries far more costly consequences under the new Bill – so organisations that can protect and defend their critical data against a breach will end up saving on deep costs.

Protect national security interests

A massive event that compromises the security of national infrastructure, as well as the lives of civilians, can have catastrophic effects on the entire country. As a critical infrastructure, your organisation’s continued security and defences can prevent such an event from occurring.

Deliver better outcomes for your people and clients

Adopting a culture around risk awareness will have a ripple effect across the entire organisation – from your people delivering higher quality work to improving your response rates to any sort of emergency or unexpected event (beyond just cyber).

Simply put, creating a culture around risk awareness will benefit your organisation from top to bottom.

Make fewer mistakes on your journey to compliance

Working with the right partner will ensure that your organisation is able to comply much more easily and make fewer mistakes on the journey towards compliance. A partner may be able to see opportunities that you may not and can make the journey smoother.

Take the first step towards compliance with Enable

As with every major change, it will take time for organisations to understand how to become compliant and put plans and strategies in place. It can be difficult to even get the right buy-in needed to start planning.

Having worked with multiple organisations to manage their risk awareness, Enable is uniquely placed to provide a helping hand to organisations that are struggling to understand this Bill and what it means for them.

Our team boasts the expertise of former security operations managers with practical experience in cybersecurity. We utilise the ServiceNow platform for your risk awareness so that you’re able to stay ahead of events, automatically identify risk events, monitor the impact of project risk, and more.

We have also spent the past year developing a new ServiceNow solution pertaining to the Essential 8, which is applicable to all types of organisations but especially important to those identified as critical infrastructure. The Australian Cyber Security Centre (ACSC) has recommended the Essential 8 as a baseline to make it harder for adversaries to compromise systems.

Contact us today to learn more about our IRM capabilities and how we can work together to help you become compliant under the new Bill.

Awards

Enable achieves GRC Product Line Achievement

  • August 23, 2021
  • by Andre Merwe

Doing what others can’t: a Product Line Achievement (PLA) for Governance, Risk & Compliance (GRC), and a Perfect Customer Satisfaction Score track record of 5/5.

Enable are now officially the most certified, awarded and qualified ServiceNow provider in the APJ region, after securing a Product Line Achievement for Governance, Risk & Compliance. This is following back-to-back APJ Partner Award wins and consistently flawless independent project scores. The PLA demonstrates our capability based on the number of completed projects and customer satisfaction scores.

We are one of the few ServiceNow partners to earn certification in GRC and Security Operations (SecOps), and the only partner in the APJ region with a dedicated practice for GRC & SecOps. This capability is allowing us to meet the growing demand for risk management services across our clients’ broad range of industries.

Achieving these accolades isn’t easy – nor is it accomplished by many. Enable’s unique partnership approach and focus on business outcomes have played a major part in our recent success and recognition. And, of course, the business outcomes achieved by our clients.

A focus on industry experience

Many of the newer products brought out by ServiceNow occupy the GRC and Security Operations space, an area seeing significant growth and demand from clients. Yet proficiently delivering projects is not always easy.

Partners who focus on more traditional services are finding it much harder to achieve recognition in the risk and security fields, due to the absence of internal industry knowledge. It can be difficult to find the specific skillsets required to carry out projects in these areas, and almost impossible to implement these projects without those skills.

Enable has overcome these challenges by taking an “industry-first” approach to building our team. Rather than focusing on ServiceNow expertise, we’ve built our team to include members with years (or decades) of risk and security industry experience – a rare find amongst providers, and a big contributor to our recent success.

More than just implementation

Software alone can’t solve the problems or achieve the goals of a business – outcomes are achieved through planning, strategy and strong relationships. Understanding business operations, processes, problems and goals – “speaking the language” – is a vital step in partnership and eventual project success.

Enable works hard to build strong relationships with clients before entering the technical part of the implementation. Understanding what our clients want to achieve before we touch the tools helps us configure the ServiceNow platform to meet their unique needs. Every job is custom, and includes advisory, consulting, implementation and organisation change management.

Unprecedented feedback

Proficiency in project delivery cannot be judged only by internal expertise – it must also be judged by the outcomes and value it ultimately delivers to those who received it. While we regularly receive great feedback from clients we partner with, ServiceNow independently collects assessments from clients on all projects to mark partner capability and project success.

As all scores are collated, there is a lot of variation, and it is difficult (and rare) to achieve consistently high scores. At Enable, we’ve bucked this trend with an overall project score of 5/5 – the highest possible.

This comes down to our “business first” partnership approach, which helps us consistently meet and exceed business expectations, solve business problems and deliver value.

Ensuring great outcomes

While the PLA, partner awards and project scores are all great achievements for our Enable team, they also demonstrate what is required for businesses seeking improvement through ServiceNow. To achieve the right outcomes, get the best use of software and meet goals or expectations, certain skillsets and strategies are required for different projects.

Your ServiceNow partner is just as important to your outcomes as the software itself, as their skills and knowledge of your business will be what guides implementation and customisation, and ultimately the level of value you receive. If you’d like to discover how Enable’s unique skillset and project approach can benefit your business, explore our expert service offering or reach out to learn more.

News

Overcoming International Compliance Challenges

  • November 19, 2020
  • by Andre Merwe

What is LexisNexis Regulatory Compliance?

LexisNexis® Regulatory Compliance is a legal obligations register and alerting solution that combines regulatory content with technology to empower you to take control of your compliance obligations.

Complex landscapes. Easy navigation

LexisNexis Regulatory Compliance provides a cost-effective solution to help you meet the demands of an increasingly complex regulatory environment. We offer a range of modules that cover the relevant areas of law not just in Australia but across multiple jurisdictions and industries, embedded with clear, practical, plain English interpretation of all your legal obligations.

Flexible technology options

– Our objective is to make your compliance journey fast and seamless which is why we provide you with flexible technology options.

– We can import our content into your existing GRC / ERM system via our API.

– We also work alongside a panel of carefully selected software partners where we can offer a complete package of content and software, designed to meet your existing and future needs.

 

LexisNexis experts complete the research. You focus on your business

The LexisNexis team use Australia’s leading legal and industry experts to interpret all the relevant regulatory materials, so you don’t have to. This saves you significant advisory costs and / or research time.

The experts the LexisNexis team work alongside can:

– Create obligations content in easy-to-navigate topics organised by business processes

– Provide guidance to help you ensure continuous compliance

– Provide updated obligation and attestation registers as regulatory changes take effect.

 

Complimentary Event: Overcoming International Compliance Challenges

The international legal landscape is ever-changing and keeping track of these compliance obligations can be difficult. Within the context of international privacy and cybersecurity regulations, our speakers, Paul Thomason, Director of Strategy and Innovation at Enable PS, and Kieran Seed, Senior Content Manager at LexisNexis, will cover the following topics:

– Highlight regulatory changes across international privacy and cybersecurity legislation

– Outline impacts on GDPR and other regulatory burdens

– Showcase how LexisNexis content covers these changes to legislation within their international content set

– Provide you with a live demonstration of how Enable PS can drive compliance using content on a real-time automation IRM platform

 

In collaboration with LexisNexis and ServiceNow, Enable will co-present an informative webinar on the newly released international content. LexisNexis AU provides easy access to comprehensive and affordable international legal information, including content from countries including, but not limited to, China, Hong Kong, South Africa, Malaysia, Singapore and India.

This 1-hour webinar will demonstrate the power of the LexisNexis content when used on the ServiceNow Platform.

 
