Cyber threats are evolving at an alarming rate, presenting a never-ending barrage of challenges to organisations worldwide. It’s no longer enough to just have a solid defence—you need to think bigger. You need to build cyber resilience to adapt, respond, and recover, no matter what comes your way.

What is cyber resilience?

At its core, cyber resilience is about staying operational—even when you’re under attack. It extends beyond traditional protection measures, probing an organisation’s ability to adapt to, respond to, and recover from cyber threats. It’s a holistic approach integrating cyber security, business continuity, and enterprise resilience. The objective is not just to thwart attacks, but to ensure that you can continue to keep your organisation running smoothly even when under siege.

How do you measure cyber resilience and maturity?

Measuring cyber resilience involves assessing how well your organisation can anticipate, withstand, and recover from cyber threats. A robust measurement framework would look beyond conventional security metrics and include elements of recovery and adaptability. Consider:

1. Maturity Models:

There are several maturity models designed to help organisations assess their cybersecurity strength and resilience. These models, such as the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Model, Essential Eight or the National Institute of Standards and Technology (NIST) Cybersecurity Framework, offer a set of criteria for gauging your current capabilities. Organisations will often use aspects from each model to categorise their maturity, or readiness, into levels – from initial (least mature) to optimised (most mature), so that it’s easier to then identify areas for improvement.

2. Benchmarking:

If you’re looking for effective ways to measure and enhance your cybersecurity posture while comparing yourself to industry standards and peers, tools like Microsoft Secure Score and CIS CSAT (Critical Security Controls Self-Assessment Tool) are excellent options to consider.

Here’s why:

Using both tools gives you a well-rounded understanding of your cybersecurity strengths and areas for improvement. They don’t just tell you where you stand—they help you take actionable steps to build a stronger, more resilient security posture.

3. Resilience Metrics:

Want to see measurable results? Start tracking things like:

4. Continuous Assessment:

Cyber resilience is not a one-off exercise. Regularly scheduled reviews and updates to the resilience plan ensure that an organisation remains prepared as new threats emerge. This also includes continuously training staff and updating them on new threats and best practices.

How to build cyber resilience

Improving your cyber resilience and maturity level involves a strategic approach integrating processes, technologies, and people. It requires commitment from all levels of the organisation, from executive leadership to individual team members. Key steps include:

Why regular assessments of your cyber security maturity are key

Here’s the thing: threats aren’t going to slow down. That’s why it’s so important to regularly assess your security maturity – it’s crucial to strengthening your resilience. Regular assessments will illuminate your current security posture, identify vulnerabilities, and provide actionable insights for continuous improvement. It’s like taking your car in for a service—you might not think you need it until it’s too late.

Working with experts can make a big difference here. They’ll bring fresh eyes to your challenges, ask the tough questions, mitigate the influence of organisational bias and help you spot gaps you might not even realise exist. (Shameless plug for my Security Resilience Assessment Workshop I’ve developed with Cisco here.)

The four pillars of cyber security resilience

Using the updated CISA Zero Trust Model that we mentioned earlier, we can focus on four critical pillars of cybersecurity resilience: Zero Trust, Secure Network, Extended Detection and Response (XDR), and Security Operations. Let’s delve into how each contributes to fortifying an organisation’s cyber resilience.

  1. Zero Trust is a very widely used term that has become the mainstay of every modern cybersecurity approach. The principle of “never trust, always verify” rejects the traditional notion of a trusted internal network and an untrusted external one. Threats can originate from anywhere, and the Zero Trust approach mitigates the risk of unauthorised access and lateral movement within the network by requiring verification of every user and device, regardless of their location. While almost every security solution claims to be ‘Zero Trust’, many organisations have struggled to achieve this utopia.
  2. Secure Network is the principle that data in transit is protected across both public and private networks. It relies on the implementation of robust encryption standards, secure protocols, and network segmentation strategies. By safeguarding the network infrastructure, organisations can prevent eavesdropping and manipulation of data, crucial components in maintaining the integrity and confidentiality of sensitive information.
  3. Extended Detection and Response (XDR) goes beyond traditional detection and response mechanisms by providing a holistic, integrated view of threats across multiple security layers—email, endpoint, server, cloud, and network. By harnessing advanced analytics, machine learning, and automation, XDR can detect subtle and sophisticated threats and respond more effectively. This comprehensive visibility and swift response capability are pivotal in minimising the impact of breaches.
  4. Security Operations encapsulate the continuous processes and technologies employed to detect, analyse, respond to, and prevent cybersecurity threats. Central to this pillar is the Security Operations Centre (SOC), which orchestrates the monitoring, assessment, and defence of an organisation’s information assets. Effective security operations are characterised by their agility, adaptability, and the ability to leverage insights from past incidents to enhance future defences.

Let’s get started

With today’s constantly evolving threats, adopting a cyber resilience framework is not just beneficial; it’s a necessity. That’s why Data#3, a Cisco Master Security Specialised Partner, has collaborated with Cisco to develop a Security Resilience Assessment Workshop. This is a free-to-attend, hands-on session where you’ll assess your organisation’s security posture with guidance from experienced experts.

Want to learn more? Consider participating in a Security Resilience Assessment Workshop or reach out to your account manager today. Let’s build your resilience together.

In cyber security, change is constant, but some challenges remain stubbornly familiar. Do you remember the Anna Kournikova virus from over two decades ago? It spread rapidly by tricking users into opening a seemingly harmless email attachment. Fast forward to today, and it’s no surprise that email remains the number one attack vector. The only difference is that the stakes are higher, and as technology evolves, the threats grow more sophisticated. 

So, how prepared is your organisation to keep up with the evolving threat landscape? 

In our latest Security Minutes video series, with Mimecast, Data#3’s National Practice Manager for Security, Richard Dornhart, and Mimecast’s Senior Sales Engineer, Matt Youman, discuss the critical challenges organisations face and how they can stay ahead. From polished phishing attacks to overlooked attack vectors such as collaboration tools, here are the key insights you can’t afford to miss. 

Episode 1: The evolution of email attacks 

Cyber criminals are leveraging artificial intelligence (AI) tools to revolutionise their tactics. In the first episode, Youman highlights the rapid rise of AI-driven phishing attacks: 

“In the most sophisticated cases, we’ve seen the use of large language model agents like ChatGPT. They can automate spear phishing campaigns that would traditionally take weeks or months to execute, in just 30 seconds.”

With tools capable of learning, adapting, and automating attacks at scale, organisations can no longer rely on traditional defences alone.  

Episode 2: Defending against business email compromise 

While cyber criminals use AI to evade detection, it’s imperative to remember that AI is also a powerful ally for defenders. Youman explores how Mimecast uses natural language processing and social graphing to identify behavioural patterns to help you catch threats that static tools miss. 

When Youman reviewed 2,000 emails that bypassed standard security tools, the results were staggering: payroll switch scams and other business email compromise threats had slipped through unnoticed. 

Relying on static rules and limited keyword scans is no longer enough. Utilising AI-driven solutions can help you think like attackers, making it easier for your organisation to fight back.

Episode 3: Managing human risk in cyber security

It’s not just email. Collaboration tools, essential to everyday business operations, are also becoming an increasingly popular target for attackers. Yet they’re often overlooked in security strategies. Youman shares how Mimecast addresses this blind spot by integrating collaboration platforms into its centralised security solution, enhancing visibility and simplifying management. 

Are your collaboration tools secure? If not, attackers may already be exploiting the gap. 

Episode 4: Strengthening defence across your organisation’s platforms 

Even with advanced technology, people remain the final safeguard. Roles such as those in C-suite, IT, HR, and finance are prime targets due to their access to sensitive data. Youman emphasises that understanding and addressing human risk is vital to any security strategy. 

Did you know that Mimecast’s 30-day Email Threat Scanner not only uncovers risks but also identifies patterns of human error? That makes it a great tool for helping you tailor training to individual roles.

When was the last time you tested your human defences? 

Episode 5: Securing collaboration in the workplace 

No single tool or strategy can eliminate cyber risk. Reflecting on recent incidents, Youman highlights the critical need to look beyond email when protecting your organisation from cyber criminals.   

That’s why Data#3 and Mimecast advocate for a defence-in-depth approach. By layering advanced detection, automation, and human-centric strategies, organisations can: 

Episode 6: The Mimecast threat scanner 

The final episode showcases Mimecast’s Email Threat Scanner in action. This free tool provides a powerful way to uncover email-borne risks that have bypassed your existing defences. With access to the Mimecast console, you can: 

Act now, know your blind spots 

With everything we’ve learned so far, it’s easy to see that the evolving cyber threat landscape requires more than just traditional security measures. The rise of AI-driven attacks, sophisticated phishing campaigns and overlooked vulnerabilities in collaboration tools reveals critical security blind spots that many organisations still miss. Relying solely on static defences is no longer enough to stay ahead of cyber criminals.

A comprehensive, defence-in-depth approach is necessary to safeguard your organisation against emerging threats. Don’t delay: each day leaves your organisation open to more attacks. With Data#3 and Mimecast, you’ll take proactive steps to identify and address potential risks that will help protect your organisation.

Mimecast’s Email Threat Scanner Report will give you actionable insights into your current security posture, helping you stay one step ahead of cyber criminals. Don’t leave your organisation’s security to chance—ensure you’re fully prepared for the threats ahead.  

Contact your Data#3 Security Specialist today to request your Email Threat Scanner Report and uncover hidden threats before they become a problem. 

Graham Robinson, Chief Technology Officer at Data#3, and Carl Solder, Chief Technology Officer at Cisco ANZ, discuss the role of AI in technology, its challenges, and its future potential.

Is AI just another solution looking for a problem?

Graham: Carl, there’s a lot of talk about AI. Many people say it’s at the top of the Gartner hype cycle. There’s a growing number of people now thinking that AI is going to plummet into that trough of disillusionment and it’s going to be years until we actually see any real value from the technology. What are your thoughts?

Carl: We’ll eventually reach a point where AI will address and solve many of the challenges customers are facing today. With the advent of current technologies like ChatGPT, Gemini, and Chord, many people are exploring how to integrate these tools into business operations.

That said, let’s not forget that AI itself is not new. From Cisco’s perspective, we’ve been developing AI for over a decade. In fact, our first AI toolset was launched nearly seven years ago. Cisco has been on this AI journey for quite some time, consistently focusing on how to leverage AI effectively to address customer use cases. I believe we have some fantastic technology solutions available today that are already achieving this.

The release of ChatGPT brought AI to the forefront of public awareness. It essentially announced to the masses that AI is here. However, it’s important to recognise that a broader foundation of AI technologies has been around for a while. These mature solutions are already solving real business problems and are ready for organisations to take advantage of right now.

Why are generative AI projects seeing better success rates compared to other tech initiatives?

Graham: When you read the Harvard Business Review, they highlight that 80% of AI projects fail, but only 30% of generative AI projects fail. That means 70% of generative AI projects are not being cancelled and are proceeding through to production. Compared to the stats on digital transformation projects where only 12% succeeded – that’s a huge improvement. AI initiatives are performing multiples better than digital transformation projects. So, I fail to see how we can really say that there’s no value when we’re already seeing progress.

Carl: I agree. On the AI front, there’s generative AI, but we also need to consider how customers are consuming AI. You have the toolsets—like generative AI with chat-style interfaces where you type, interact, and drive workflows. But there’s also generative AI embedded within existing solutions. Often, customers don’t even realise it’s there, yet it’s quietly doing its job and delivering value behind the scenes. That’s where Cisco has been focusing for years. Many of our solutions already have AI built in, operating in the background. Customers may not always notice, but that embedded AI is making a difference.

Where is the true value of AI adoption today?

Graham: The real value of AI adoption lies in moving beyond the hype and turning AI into something that delivers tangible, meaningful outcomes. It’s not about the flashy, in-your-face AI like ChatGPT—it’s about the AI that works quietly in the background, embedded within code and applications, where people use it without even realising they’re engaging with AI.

Carl: Correct. A classic example is the AI-powered radio resource management in the Cisco Meraki dashboard. Imagine a customer with a Meraki Wi-Fi network—there’s an AI engine running in the background, analysing user behaviour, network settings, and configurations. It optimises and fine-tunes the network to deliver a better Wi-Fi experience. Users benefit from this improved performance without necessarily realising AI is at work. It’s seamless, purpose-driven, and delivers clear outcomes.

This kind of embedded AI is something we’ve been leveraging for years. While you could debate whether it qualifies as generative AI, it’s still AI, serving a critical function. Now, with generative AI, we’re seeing entirely new possibilities, like virtual AI systems powered by large language models. These systems represent a shift in how operators interact with infrastructure. Instead of navigating a GUI and clicking buttons, operators can type commands and engage in a conversational workflow.

For example, a security operator could use such a system to craft an optimised security policy. The AI could analyse existing rule sets, identify redundancies, and consolidate rules to make the policy leaner and more efficient. These types of use cases highlight how generative AI can enhance productivity, improve decision-making, and ultimately drive better outcomes for organisations.

Does AI pose more risks than it solves?

Graham: AI helps solve a lot of problems, but it raises the question: is it more trouble than it’s worth? One of the most common concerns I hear revolves around the potential threats associated with AI—security risks, overexposure to technology, and fears about AI being used against us. What’s your perspective on AI’s impact on security?

Carl: From our standpoint AI serves as the foundation for how we’re evolving our security portfolio. AI appears in a number of different ways. First, on the backend, every security device needs up-to-date information to identify and respond to current threats. We have an organisation within Cisco actively scouring the internet tracking billions of artifacts daily—emails, file attachments, web links—all in search of emerging threats.

It’s impossible for humans alone to sift through that volume of data, so AI steps in to scale the process. AI analyses those artifacts, identifies new threat vectors, and creates signatures to inform our security solutions. For example, when a solution encounters a flagged instance, it knows to pay closer attention.

AI also works within the technology itself, embedding functions that serve specific purposes. For instance, an AI system might monitor for potential threat signatures and alert SecOps teams when something warrants further investigation.

Beyond these applications, we’re also seeing AI, particularly large language models, redefine how operators interact with networks. This represents a new paradigm—operators moving from GUIs to conversational interfaces powered by AI. This shift is going to be driving a really different way in which operators are going to be doing the job.

How is the rapid pace of AI evolution impacting IT skills?

Graham: We’ve been in the industry long enough to witness major technology disruptions – the evolution of the PC, the internet and cloud. Each wave has brought significant reskilling. With the rapid acceleration of AI, how do you see this impacting the current skills gap? Do you think AI will exacerbate the issue, or can it be leveraged to help close the gap?

Carl: First thing I’d say is that we’ve both chosen a career where you never stop learning. You take a break, you come back and oh that’s something new that didn’t exist before. The mere fact of being in IT means that you’re going to be on this continuous learning journey because technology is always changing. I see the advancement of technology picking up pace and the generation of new IT practitioners today have got it a little bit tougher than maybe when I started.

Graham: I used to say the only thing constant is change but even the rate of change is no longer constant – it’s accelerating.

Carl: Absolutely, and that means IT careers are inherently built around continuous learning. AI is just another evolution, another chapter in that journey. That said, AI does change the game in terms of how operators will work with infrastructure that they manage.

When I look back, I see an evolution in IT operations. From the traditional NetOps – when I started everything was CLI (Command Line Interface), beautiful CLI! We went through this motion of DevOps where we started using software defined networking tool sets to automate. We also went through this with AIOps a few years ago where we had AI engines embedded in the solutions to enhance operations and streamline specific tasks. Now we’re moving into this era of large language model operations. Instead of just running scripts or using GUIs, operators can now use natural language to implement workflows, troubleshoot, or optimise systems. This shift not only demands new skills but also offers tools to bridge gaps, making IT professionals more efficient in managing modern infrastructure.

Graham: Every period of technological advancement is getting shorter. What does it mean for our people today because technology has accelerated out of the gate over the last five years. There’s also been a number of things happening around the world that have stopped us from upskilling and cross-skilling our people at the same pace. It feels like the gap between technological advancement and education is widening. What role does AI play in addressing that gap?

Carl: When you look at the AI solutions in Cisco’s portfolio today, most IT professionals will find them relatively easy to adopt. For instance, many people have already used tools like ChatGPT, and we’re starting to see similar interfaces integrated into administration panels now. It becomes intuitive, but there will definitely be a learning curve, especially in understanding how to frame questions or commands to leverage AI’s full potential.

The one area that Australia will get to at some point is when you actually build and run your own custom AI workload tailored to your specific business needs. What’s exciting is these tools have the potential to help all employees perform their roles more effectively. It’s not just an IT transformation; it’s a workplace evolution where AI becomes a ubiquitous tool for problem-solving and productivity across all functions.

What role does custom AI play in the future of business operations?

Graham: When you mention a custom AI workload, you’re referring to a specific application tailored for that customer’s needs. One that would probably be leveraging a third-party large language model or small language model or micro language model to perform a business function. We’re not just talking about the data centre. This extends to edge computing, specific devices, even down to mobile devices. Is that what you’re thinking?

Carl: Absolutely. In Cisco’s portfolio right now, we have an AI chatbot in our contact centre. This chatbot, powered by a large language model, enables true conversational interactions. If you think back a few years, chatbots were rigid, relying heavily on syntax and specific keywords to function. If you didn’t phrase something exactly right, they simply didn’t work.

But now, these chatbots can handle fluid, natural conversations, hugely improving the user experience. It’s not just a better customer interaction, it’s a transformative leap in how businesses engage with their users.

This also extends to IT practitioners. It’s a new world that our operators are starting to go into. Whether it’s automating routine tasks or assisting in daily workflows, these AI-driven systems are opening up new opportunities for efficiency and innovation in business operations.

AI – Are we heading to utopia or dystopia?

Graham: Final question because I know we’re well and truly out of time that I could sit here and we have this conversation all afternoon. AI – Are we heading to utopia or dystopia?

Carl: I am a glass half full person, so I’m hoping it’s utopia. Within Cisco we have a group of engineers dedicated to ethics and how we can use AI in an ethical way. I’m optimistic that our engineering teams build AI tool sets that are going to serve mankind in a better way. That they’re going to produce better outcomes for businesses. They’re going to drive better productivity, better profitability, a better customer experience. That’s my hope for this.

That being said there’s always the darker side of human nature who might look to use those tool sets in a bad way and I don’t think that we can avoid that. The only thing we can do is to continue to build out this technology to help mitigate those threats.

Graham: I share that hope. Going back to our conversation regarding security we know there are malicious actors out there. My hope is that AI for the first time really gives us an opportunity to harness the good in people and scale it to a level that we can actually provide a better future.

Data#3 and Cisco

Data#3 is a Cisco Gold Partner dedicated to helping organisations build secure, connected, and future-ready operations. As a Master Security Specialised, Master Collaboration Specialised, and Master Networking Specialised partner, Data#3 combines deep expertise with Cisco’s leading technologies to deliver tailored solutions. Recognised as Cisco’s APJC Customer Experience Partner of the Year for two consecutive years, we are committed to driving exceptional outcomes for our customers. Learn more at www.data3.com/cisco.

International Safety Systems switches to modern, secure Microsoft Azure environment

Objective

International Safety Systems wanted to modernise their IT infrastructure and migrate to the cloud.

Approach

As International Safety Systems’ infrastructure neared end of life, the business sought recommendations from a trusted consultant, and determined that a shift to Microsoft Azure was the right path forward. That advisor joined Data#3 and they recognised that the expertise and culture of their partnership would make a good match.

IT Outcome

• Scalable environment
• Exceptional availability
• Built-in backup and disaster recovery functionality
• Improved security
• Fast and cost-effective, making it easier to innovate

Business Outcome

• Customer’s data is cloud-hosted, residing in their chosen location
• Streamlined onboarding process
• Access to additional expertise
• Avoidance of capital expenditure (CapEx)

The most outstanding part of the project is the improved reliability. We have had no unscheduled downtime thanks to the way our Data#3 consultant designed the platform.

David Rickward, Commercial Director, International Safety Systems

The Background

International Safety Systems (ISS) provides customised safety, quality and risk management solutions to customers around the world, helping them to meet compliance requirements while improving their business resilience.

ISS had been hosting its specialised apps in-house, using a thin client approach to distribute software. As available cloud options matured, ISS recognised the potential to work more efficiently and offer an enhanced service to customers.

The Challenge

The AIRS app from ISS is used to capture and manage safety and quality data for customers in stringently controlled industries, such as defence and aerospace. The small, very busy ISS team helps its customers meet all compliance obligations, reducing risk and operating more safely. Commercial Director David Rickward said that, until recently, managing infrastructure was a way of life.

“We had a traditional model, before Software as a Service was widely available. We hosted our software on our own hardware in a Sydney data centre. In addition to the hosting cost we had all the associated maintenance costs and then every five years, we would have to throw it away and start again, which meant incurring substantial capital costs and add-on services. Whilst it allowed us to distribute AIRS online it was a costly and labour-intensive model.”

That service model required effort from customers, and the cost was amplified by the need for extremely high availability to meet the service levels required by clients.

“We had backup redundancy and disaster recovery servers running. Overall, we were happy with the uptime – however, there were occasional unscheduled outages which required on-premises support, adding more cost,” explained Rickward.

As the time for renewal approached, with cloud options now offering greater maturity, ISS sought advice from a trusted cloud specialist, who learned about the ISS business model and made initial suggestions.

“He was experienced with Microsoft Azure. After we started discussions with him, he moved to Data#3. He provided a lot of really good ideas around platform design to make our operations more efficient. We had been working with him for several years and we wanted to continue that relationship.”

IT Outcome

After careful evaluation, ISS followed Data#3’s recommendation for a Microsoft Azure environment, first instating one instance of the ISS software, then provisioning more until the solution hosted all customers. Microsoft Azure backup and DR, as well as several Microsoft Azure security and management features were put to work to help the ISS team work efficiently.

“It was a reasonably quick transition by technology standards, taking six months from our first proof of concept discussions, through commitment and implementation. We canvassed our biggest clients to see if there were any issues for them to move to the new environment, especially in terms of security. Their primary concern was where their data would reside.

“We sandbox tested with a couple of our biggest clients, migrated some smaller clients, then lastly the bigger organisations over a period of eight months.”

The solution included expertise from a Data#3 cloud specialist, so that ISS would always be positioned to work proactively and able to get the most from the Microsoft Azure platform, while managing costs effectively.

“We’re leveraging our Data#3 cloud specialist as our platform manager. We monitor the day-to-day ourselves, and he does general housekeeping a couple of times a month to ensure updates are installed. He also talks us through new security features we might be interested in. This input is invaluable to us – we’re a small company and can handle tasks ourselves but can’t do everything in-house. This arrangement gives us access to the wider resources of Data#3 when we need it.”

Rickward has stated that the flexibility of the Microsoft Azure platform has already impressed ISS clients, given the speed and cost-effectiveness of rolling out the custom app that the company is known for. The feedback has been overwhelmingly positive.

“One client in the aviation industry initially wanted to run the app in-house. They went to their IT department, who quoted six figures for the new servers, and managing and monitoring those assets. We can spin up a dedicated host for them and provide continuous access to data. It was one fifth of the cost that their internal IT would have needed.

“They would have had to go through getting budget approval, which would have taken 12 months, but being a pay-as-you-go model, it was signed off within a week.”

Microsoft invests around $1 billion (USD) each year on Microsoft Azure security, with developers designing solutions for the modern threat landscape where organisations face an increasingly sophisticated barrage of attacks. Rickward said that this timely boost to security is “absolutely a plus”, with the shift to the secure online platform reducing risk for ISS and its clients.

“It is a valuable part of the solution without a shadow of a doubt. Before, every thin client had its own port, so there were multiple ports facing the world. By changing, customers now have web access through a firewall, with only one single point of entry. When you look at it from a security risk point of view, it is considerably better than before, and our customers stay safer.”

Business Outcome

The transition for customers went smoothly, causing no disruption and earning praise for the improved ISS offering after the shift to Microsoft Azure.

“Their lives got easier without having to run the thin client. The cutover was seamless, and the users had their familiar app, they weren’t seeing any difference except that they just had to use a hyperlink instead of clicking an icon on their desktop.”

As a technology business itself, ISS places considerable importance on finding solutions that keep its lead position in its competitive market.

“We can stay at the forefront of technology, always using the latest and greatest, as opposed to buying hardware that becomes obsolete in a month, which then becomes a patch job. Moving to the Microsoft Azure platform means we can stay at the front of the curve, in turn giving our customers the best outcomes,” described Rickward.

This progress is aided by sharing knowledge, with the Data#3 Azure expert helping the small ISS team to gain confidence in the new platform. Rickward is happy that the business has benefitted from someone with enormous depth of Azure experience.

“He has done quite a bit of work with our internal team on things like day-to-day monitoring and firewalls. He’s helped our team to completely understand what to look for, and how to achieve compliance.

“It has been a game-changer for us, and we look at it as a partnership arrangement. Given what the Data#3 Azure expert has delivered us, it is a lot more capability than we would otherwise have, and we’ve gained a lot more capability in-house with him there.”

That capability extends to helping ISS respond to requests for tenders. Rickward said that the ability to access expertise helps to show prospective corporate and government clients that ISS has the capability needed when providing such a critical service.

“The advantage of dealing with a technology company like Data#3 is that if we don’t have specific expertise in-house, we know we have it through them. When we’re bidding on some contracts, it gives us more credibility to have that support, especially in the government space. We do a lot of work for government and from a security point of view, if we’re working with an organisation that is already approved, it makes for a more seamless transition, and we don’t have to delay delivery getting approvals.”

For customers, the Microsoft Azure platform raises the bar for custom solutions. ISS can now offer shared platforms, where customers’ individual environments are logically separated, and where customers prefer, dedicated platforms can be quickly provided. The ability to store data in their own or an approved jurisdiction has proven to be essential.

“Microsoft Azure provides more flexibility, allowing us to do more for our clients with specific requirements. For example, for legal or regulatory reasons, clients may need to ensure their data is stored in a particular jurisdiction. With Microsoft Azure we know we can provide that assurance and have them covered.”

“It has been a game-changer for us, and we look at it as a partnership arrangement. Given what the Data#3 Azure expert has delivered us, it is a lot more capability than we would otherwise have.”

David Rickward, Commercial Director, International Safety Systems

Conclusion

Although Rickward said that any major change in delivery method had the “potential to be traumatic”, he was clear that with the right team in place, it didn’t have to be.

“My advice is simple: find someone who totally understands what you do. Data#3 was very good in terms of what we were trying to achieve and that understanding meant we were able to map it out together – it was truly a collaborative experience. In terms of understanding the platform and how to manage disaster recovery, that was important.

“The transition itself should be made straightforward – taking the environment off the existing platform and moving it into the cloud. However, there are so many tricks to managing Microsoft Azure well with the right security around it, it’s essential to engage with an experienced consulting firm.

“You might be tempted to do it yourself, but you will end up saving money and getting a better result with the right partner. When I filled out the customer satisfaction survey, I gave it a 10 out of 10. One hundred percent!”

Ultimately, the solution was measured by ISS against the benefits and service levels they were able to provide to their valued customers around the world. The switch to the Microsoft Azure platform has been deemed a success.

“The most outstanding part of the project is the improved reliability; we have had no unscheduled downtime because of the way the platform is set up. When we did have minor issues, we were able to failover to backup systems without service interruption. The service delivery has been outstanding,” concluded Rickward.


What’s next for cyber security?

In this AI edition of our Security Minutes series, Richard Dornhart, Data#3’s Security Practice Manager, sits down with Carl Solder, Cisco’s Chief Technology Officer A/NZ, to discuss the impact of AI in cyber security—from Cisco’s latest AI-powered solutions to the challenges posed by adversarial AI.

As a Cisco Master Security Specialised Partner and Gold Partner, Data#3 has one of Australia’s most mature and highly accredited security teams. You can trust our expert team to help you navigate the challenges faced today around how to connect and protect your network. 

To discuss any aspect of security in your environment, please get in touch with us today.


Having a plan doesn’t make it happen

This isn’t another “what is zero-trust” article – I think we can all agree that we’ve moved beyond that as we know it isn’t a product, it’s not a replacement for firewalls or VPNs, and it’s not something you do and then move on.

However, it is essential and appears in some form on virtually every government department’s cybersecurity strategic plan. Some departments and agencies have made progress and implemented elements of the zero-trust model within their environment, but not at a broad enough level to provide the promised levels of protection. Hence, despite the plan, they’re still vulnerable to a cyber-attack.

If zero trust is essential and part of a plan, why are government departments and agencies struggling to implement it? This post will explore that question.

The Government Zero Trust Paradox

The imperative to adopt zero-trust security has never been clearer for government departments and agencies. In an era of remote work, cloud-based services, and increasingly sophisticated cyber threats, zero-trust is an additional, identity-based layer that reduces the reliance on increasingly ineffective perimeter defences.

Driven by mandates from federal, state, and local authorities (such as the new Cyber Security Bill 2024), and the recognition that a new security model is needed, government entities are eager to embrace the principles – but reality on the ground tells a different story. Despite the strategic importance of zero trust, many government entities are struggling to turn that vision into tangible action for a number of reasons.

As a result, many government organisations find themselves stuck in a paradoxical situation. They know zero trust is where we all need to be, but the path remains elusive. Instead of bold action, their security roadmaps remain tactical and address the next pressing need rather than being a strategic, long-term plan that is continuously checked and aligned to.

In a recent discussion with a financial industry CISO, they revealed that these pitfalls are all too common. Despite an acknowledgement of the need for zero trust in their cybersecurity plan, and a multi-million dollar investment, they also:

Breaking free of this paradox requires a fundamental shift in mindset and approach. Rather than viewing zero trust as a product- or tool-based, all-or-nothing proposition, government agencies must embrace a more strategic, process-driven incremental path forward. They can chart a course towards zero trust success by focusing on their most critical assets, prioritising use cases, and partnering with experienced advisors who take this process-driven approach.

A Practical Roadmap for Zero Trust Success

Without trivialising the difficulties of implementing zero trust, there are some principles to consider:

  1. Change Your Thinking
    Consider a different label, such as “Dynamic Trust”, especially for people outside of IT. This might seem unimportant, but conveying a message that trust needs to be actively managed based on context can foster a more positive narrative.
  2. Identify Critical Assets
    Think “Protect Surfaces”, not “Attack Surfaces”. The reality is that anything network-connected is a potential attack surface, so shift the focus from all potential attack surfaces to protecting what’s most critical. Think about protecting surfaces by creating a micro-perimeter around the most critical, valuable areas e.g. Do this by conducting an audit to pinpoint the most sensitive data, applications, and systems requiring the highest level of protection. Then, identify your Protect Surface DAAS elements – Data, Applications, Assets, Services.
  3. Understand Your Readiness
    Perform a readiness assessment to:
    • Identify business risks and pressures
    • Determine the overall security benefit
    • Identify current technology capabilities
    • Understand which specific areas will receive the most benefit from zero trust.

      This helps show in which area you should begin your journey, which feeds into roadmap planning, and allows you to better choose solutions that meet your organisation’s needs.
  4. Develop a Zero Trust Roadmap
    Create a phased implementation plan that outlines the specific steps, timelines, and resources required across Define, Design, Formulate and Deploy stages. Ensure the roadmap aligns with your department’s broader security and IT strategies.
  5. Pilot and Iterate
    Start with a small-scale pilot project to test your zero-trust approach and gather feedback. Use the lessons learned to refine your plan and prepare for broader deployment.
  6. Secure Executive Sponsorship
    Gain buy-in and support from department leadership to ensure the necessary resources and commitment. Demonstrate the tangible benefits of zero-trust in terms of risk reduction, cost savings, and operational efficiency.

Working With Partners & Vendors

While tools and solutions are a component of the zero-trust model, they too often become the focus of government security teams looking for tangible ways to move forward. While tools can provide valuable data points, implementing zero trust effectively requires a more holistic, process-driven approach. Simply relying on a tool to assess one’s zero-trust posture is insufficient.

That’s why working with experienced advisors like Data#3 and Business Aspect, who can guide you through a comprehensive readiness assessment and the development of a practical zero-trust roadmap, is critical. This process-oriented approach, rather than a tool-centric one, can ensure that government entities have a clear understanding of their current state, their priorities, and the steps needed to achieve their zero trust goals.

This includes:

The final factor is understanding the vendor landscape. Vendor solutions are a critical implementation component, and aligning the right vendor solution is easier for a partner like Data#3, with its extensive vendor relationships and accreditations.

For example, government entities that have made significant investments in Cisco networking could use Data#3’s 25+ year relationship with Cisco to access their extensive security portfolio and zero-trust capabilities.

Conclusion

Implementing zero trust is a marathon, not a sprint. Government entities can chart a course toward a more secure, adaptable, and future-proof security architecture by taking a phased, strategic approach—identifying critical assets, assessing current capabilities, and partnering with experienced advisors. If you would like to discuss further please reach out to me using the contact button below or contact your account manager.

Interested in a hands-on opportunity to evaluate your cybersecurity maturity?

Data#3, in partnership with Cisco, will be hosting Security Resilience Assessment Workshops in 2025. These workshops will guide you through a self-assessment of your security posture using the updated CISA Zero Trust Model.


Understanding Microsoft’s Information Barriers, Enhancing security and compliance

In today’s digital age, data security and regulatory compliance are essential for businesses across industries. Protecting sensitive information, while ensuring that communication within an organisation aligns with compliance standards, can be challenging. This is especially the case for those operating in highly regulated sectors like finance, healthcare, legal services and government agencies.

Microsoft’s Information Barriers (IB) in Microsoft 365 offers a robust solution to these challenges, providing organisations with the tools to prevent unauthorised communication and ensure compliance with industry regulations. This blog will explore what Information Barriers are, how they work, and why they are crucial for businesses in today’s regulatory landscape.

What are Information Barriers?

Information Barriers (IB) are a set of controls within Microsoft 365 that allow organisations to block or restrict communication between specific groups or individuals by segmenting groups of users or departments. These barriers are particularly useful in scenarios where there is a requirement to prevent potential conflicts of interest, safeguard sensitive data, or comply with regulatory requirements.

Common scenarios include:

Education: Students in one school aren’t able to look up contact details for students at other schools.

Legal: Maintaining the confidentiality of data that is obtained by the lawyer of one client and preventing it from being accessed by a lawyer for the same firm who represents a different client.

Government: Information access and control are limited across departments and groups.

Professional services: A group of people in a company is only able to chat with a client or a specific customer via guest access during a customer engagement.

How Microsoft Information Barriers Work

Microsoft Information Barriers are designed to control the flow of information within an organisation by limiting who can communicate with whom. Microsoft 365 admins can set up these barriers to block communications across Exchange Online email, Teams collaboration and chats, SharePoint Online and OneDrive for Business.

Key features include:

For example, a financial firm might restrict communication between its investment research team and its sales team to avoid conflicts of interest. Once an Information Barrier policy is in place, these two teams wouldn’t be able to communicate or share information with each other via Microsoft Teams, Exchange, or SharePoint, ensuring compliance with regulatory guidelines.
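The research/sales restriction described above could be configured along these lines with the Security & Compliance PowerShell cmdlets. This is an added example, not part of the original post; the segment and policy names, the Department attribute values and the two mailbox addresses are assumptions.

```powershell
# Added example. Names, Department values and addresses below are assumptions.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Connect-IPPSSession

# 1. Define one segment per group, keyed on a directory attribute.
#    A user should fall into exactly one segment, so keep the filters disjoint.
New-OrganizationSegment -Name 'Research' -UserGroupFilter "Department -eq 'Research'"
New-OrganizationSegment -Name 'Sales'    -UserGroupFilter "Department -eq 'Sales'"

# 2. A block has to be declared in both directions. Create the pair as
#    Inactive so it can be reviewed before anything is enforced.
New-InformationBarrierPolicy -Name 'Research-Block-Sales' `
    -AssignedSegment 'Research' -SegmentsBlocked 'Sales' -State Inactive
New-InformationBarrierPolicy -Name 'Sales-Block-Research' `
    -AssignedSegment 'Sales' -SegmentsBlocked 'Research' -State Inactive

# 3. Review what is defined, then activate both policies.
Get-InformationBarrierPolicy |
    Format-Table Name, AssignedSegment, SegmentsBlocked, State
Set-InformationBarrierPolicy -Identity 'Research-Block-Sales' -State Active
Set-InformationBarrierPolicy -Identity 'Sales-Block-Research' -State Active

# 4. Active policies are not enforced until they are applied tenant-wide.
#    The application runs in the background; poll its status.
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus

# 5. Confirm the outcome for a pair of users (placeholder addresses).
Get-InformationBarrierRecipientStatus `
    -Identity  'analyst@contoso.example' `
    -Identity2 'rep@contoso.example'
```

Creating the policies as Inactive first gives a review point: a segment filter that matches more users than intended would otherwise cut off legitimate communication as soon as the policies are applied.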

Benefits of Information Barriers

The benefits of Information Barriers extend beyond compliance with regulatory requirements. They provide a holistic approach to safeguarding sensitive information and controlling internal communications, while also improving organisational efficiency and collaboration.

Implementing Information Barriers in Microsoft 365 requires careful planning to ensure alignment with your organisation’s needs, regulatory compliance and minimal disruption.

Data#3’s Microsoft experts will guide you from design to seamless implementation, applying best practices to meet your compliance and security requirements. We also provide documentation and training to ensure ongoing policy management.

Protect sensitive data, control internal communications and stay compliant with Microsoft’s Information Barriers. Speak to a Microsoft Security Specialist today to enhance your Microsoft 365 environment.

Discover how XDR enhances threat detection and response

In these four episodes, Richard Dornhart, National Practice Manager – Security at Data#3, joins David Robbins, Director, APJC – Cyber Security Strategic Partnerships at Cisco, to tackle the four most common questions we hear about Extended Detection and Response (XDR).

As a Cisco Gold Partner, 2023 Security SMB Partner of the Year, and 2023 Cisco Customer Experience Partner of the Year APJC, Data#3 is ideally placed to help you answer these questions and guide you on the best way to implement XDR in your environment. Please reach out to your account manager or contact our team for more information.

Many tools and templates are available to help develop a cyber incident response plan (CIRP). In this blog, we’ll outline a simplified approach to CIRP planning and explore how advanced extended detection and response (XDR) solutions can streamline your CIRP.

An organisation’s ability to respond appropriately to a cyber security incident is a critical capability that must be developed, maintained, and refined – you can’t just rely on your security infrastructure to do the job. Much like business continuity and disaster recovery, handling a critical incident requires a carefully considered plan. This plan should ensure the right actions are taken, along with the associated people, processes, and technology capabilities to support that plan. Incident response planning is an essential governance and process control within any cyber security framework.  However, according to an ASIC Spotlight on Cyber Report, 33% of organisations still don’t have a CIRP despite the significant focus on cybersecurity in the media, and at an executive level.

An effective approach to developing a CIRP should draw on principles from industry standards such as ISACA, NIST, ISO27001/27002 and the Australian Government Cyber Security Operations Guidelines. It’s important to remember that the plan is an evolving document – not set and forget – and just one part of a best practice-aligned security operations environment. We’ve included best practices for incident response planning a little later in this blog.

Integrating the CIRP with detection technology

In the first blog of this series, we discussed the challenges of breach detection and the XDR tools improving detection rates. The effectiveness of any XDR tool directly impacts your CIRP – i.e., if your XDR tool can accurately detect and respond to a breach, your CIRP should consider these initial steps to avoid unnecessary escalations. Built-in capabilities can also simplify CIRP development.

Using Cisco’s XDR solution as an example, incidents promoted from security events are listed and ranked based on a priority score calculated from:

This ensures the most critical detections are surfaced at the top of the list, allowing your team to focus on what matters most.

You can then drill down further into the incident detail and view an attack graph that displays a compacted relationship view of the events causing the incident, and the targeted devices, entities, and resources. Having this information easily accessible allows for a clear decision-making framework to be developed in your CIRP, outlining when to escalate further and when the incident has been contained and/or eradicated.

If further response action is required, Cisco XDR can manage your CIRP via playbooks that guide teams through incident response to effectively identify, contain, and eradicate the threat, and restore systems to recover from the threat.

These playbooks include tasks for all phases of incident response and the ability to document findings throughout the process. Some tasks also include workflows to automate parts of the response, and playbooks can be customised depending on the type of threat, e.g., ransomware vs data breach vs phishing. They can also be customised if needed according to your own CIRP, with the tasks and assignment rules developed for your organisation.

The Incident Response Planning Process

If we take a step back from the product-level capabilities of XDR, what should a best practice-aligned security operations environment look like? Many organisations define capabilities across five service areas – as per the European Union Agency for Cybersecurity (ENISA) whitepaper on CSIRT and SOC good practice:

Source: ENISA Good Practice Guide: How to set up CSIRT and SOC

Aligning your organisational program, accountabilities, and processes with these standards provides a robust framework for addressing security response capabilities while ensuring alignment with an organisation’s cyber security strategy.

At Business Aspect and Data#3, when we advise customers on developing or refining a CIRP, we break the planning process down into three broad phases. These are adapted to the client’s environment and context, and they integrate and align with the client’s existing organisational risk framework, processes, policies, and subsequent recovery processes. The plan should also integrate with existing processes including crisis management, disaster recovery, data restoration, business continuity, and key communications plans.

The CIRP typically includes:

The CIRP should also integrate with any detection methods associated with security operations processes and escalation paths. Good practice involves developing pragmatic incident response strategies that align with your organisation’s capabilities and culture. Notably, a key component of any CIRP is effective and appropriate communication both within and outside the organisation.

Finally, while it is important to have plans in place, it is equally important to test them thoroughly to validate the supporting policies and procedures and ensure system operability. Organisations should implement a CIRP testing strategy that includes key members of the response process, including core team members, organisational stakeholders, and external partners where appropriate.

Conclusion

Without a CIRP, you risk making mistakes during incident response that can exacerbate the unfolding crisis. Even if you have a CIRP, how much could your response capabilities be improved by adopting XDR?

Whether starting from scratch or needing to review and refine an existing CIRP to include XDR, it can be hard to know where to start.

That’s where existing templates can help – but solutions like Cisco XDR can also simplify the incident response planning process by providing a series of default actions and processes to follow that are already embedded in the tool responsible for detecting threats. It’s important to note that this approach won’t build you a comprehensive, overarching CIRP, but it does provide an easier, low-level starting point for developing it. More importantly, it gives you something concrete to work with quickly, while you take the time to add additional details and customise the plan to meet your organisation’s specific requirements.

Data#3 has one of Australia’s most mature and highly accredited security teams. Working in partnership with Cisco, we have been helping our customers achieve a more connected and secure organisation for more than 25 years. We can assist you in building your CIRP to test and refine existing response plans or with advice on simplifying and strengthening your security environment.

To learn more about these services and Data#3’s approach to incident response planning, contact us today for a consultation or to discuss a free trial of Cisco XDR.

A deep dive into the Data#3 and SecurityHQ Partnership

In this 5-part video series, join Feras Tappuni, CEO of SecurityHQ, and Richard Dornhart, Data#3 National Security Practice Manager as they explore the Data#3 and SecurityHQ partnership.

Discover the journey of SecurityHQ in Australia, from its history and investments to its evolution and future in the managed security landscape. Gain insights into the future of cyber security, managed cyber defence, and global trends shaping the industry.

Data#3’s Managed Cyber Security Services deliver relentless protection. We swiftly identify and mitigate security incidents around the clock, with 24/7 threat monitoring, detection, and response. Data#3 has one of the most mature and highly accredited security teams in Australia. By leveraging our expert cyber security specialists and trusted partner SecurityHQ, our team deliver unparalleled visibility and protection against cyber threats.

To discuss your managed security solution, please get in touch with us today.