At a recent executive roundtable co-hosted by Cube Cyber and Illumio, security leaders examined a critical weakness exploited in nearly every modern breach: rapid lateral movement after initial compromise. Recent incidents highlight that even mature, well-tooled environments can be breached when identity gaps, flat network architectures, and unmanaged legacy systems enable attackers to escalate privileges and pivot across the environment.

The discussion broke down how post compromise activity unfolds in real world scenarios and explored practical controls that limit propagation, including Zero Trust Segmentation, tighter east west visibility, and containment aligned to critical asset pathways.

The takeaway was clear. Resilience is not about preventing every intrusion. It is about restricting lateral movement, reducing blast radius, and keeping core operations intact when a breach occurs.

The Modern Reality: Breach Inevitable, Spread Preventable 

The group began by confronting a sobering reality: breaches are no longer rare incidents, but an operational certainty. Modern attacks are designed for speed, scale, and automation, leaving security teams little time to react. Once an initial compromise occurs, lateral movement follows quickly, turning a single foothold into a full-scale incident. 

Examples such as the Ingram Micro breach illustrated this challenge vividly. Attackers exploited a VPN entry point, harvested credentials, scanned internal systems, and eventually exfiltrated data, and deployed ransomware. Each stage of that chain is familiar and preventable, but only when visibility and containment techniques have been built into designs, and not simply as afterthoughts. 

Lateral Movement: The Underrated Threat Vector 

Participants discussed how lateral movement has become a defining feature of modern cyberattacks. Techniques such as Remote Desktop Protocol (RDP) exploitation and Server Message Block (SMB) traversal continue to dominate post-compromise activity, leveraging so called “Living off the Land” techniques to avoid detection by traditional EDR solutions The problem isn’t simply that these techniques exist, it’s that many environments remain too flat, too open, and too trusting. 

Once an attacker breaches the perimeter, they often find minimal segmentation, limited firewall or flow logging, and partial visibility from traditional security tools like EDR or SIEM. The result is a porous environment where a single compromised system can become a launchpad for internal reconnaissance, credential harvesting, and lateral expansion. 

AI-driven malware has only amplified this problem. Campaigns such as Akira or Oyster demonstrate how quickly automation can scale a breach. The attackers’ ability to move through hybrid and multi-cloud environments outpaces the traditional incident response playbook. 

Resilient by Design: Breach Containment for the Modern Enterprise 

One of the strongest themes that emerged was the need to move beyond reactive detection. EDR and SIEM tools remain essential, but they are not enough to stop movement once the attacker is inside. Over-reliance on legacy macro-segmentation approaches also limits effectiveness against today’s threat environment. The conversation shifted toward containment by design, the idea that security architecture should assume compromise and be structured to contain it. 

Illumio’s breach containment model provided the framework for this discussion. By using strategic Zero Trust segmentation and intelligent labelling at a workload-level, organisations can ‘ringfence’ their critical assets, restrict unnecessary communication paths, and rapidly isolate threats without taking entire systems offline. Illumio’s platform and approach allows for rapid deployment of these containment strategies, allowing organisations to build resilience iteratively.  

This selective containment approach was seen as a critical evolution from the traditional “kill switch” response. Instead of shutting down entire networks, predefined incident response policies can be quickly deployed to quarantine only the affected systems, keeping business operations running while the threat is neutralised. 

The Role of Deep Visibility and IR Practice 

The executives agreed that resilience depends on one thing above all: understanding what normal looks like. Visibility across workloads, users, and traffic flows enables earlier detection and faster decisions. When teams know their environment intimately, abnormal behaviour stands out. 

But visibility alone isn’t enough, it must be paired with Incident Response (IR). The group emphasised that predefined incident response plans and tested containment procedures are the key to avoiding hesitation when a breach occurs. Preparedness transforms panic into process. 

Cube Cyber’s perspective reinforced this operational focus. The company’s incident readiness work with clients has shown that response speed and clarity depends on visibility, policy alignment, and the ability to act without fear of disrupting the business. 

Containment as Culture 

Perhaps the most forward-looking insight from the roundtable was that resilience is as much cultural as it is technical. Containment cannot sit as a one-off initiative or an emergency response protocol. It needs to be woven into everyday operations. That means refining access policies, integrating segmentation principles into new IT projects, and aligning security operations with broader business objectives so that containment becomes a default design choice rather than a reactive measure. 

Participants described this shift as moving from a defensive posture to a resilience mindset. The group noted that many organisations still rely heavily on compliance tick-boxes, assuming that meeting framework requirements equates to readiness. The discussion challenged that view. Compliance may be necessary, but it does not prepare an organisation for the speed and complexity of real-world lateral movement. A stronger focus on preparation for the inevitable and building a genuine containment culture emerged as a defining marker of resilience. 

Lessons to Take Forward 

The event closed with a series of practical takeaways that organisations can act on immediately using the Illumio platform: 

• Map your environment: Understand dependencies and communication paths across all assets using the Illumio Map. What is normal? 

• Manage your external attack surface: Leverage new tools like Illumio Insights to identify unprotected cloud-native assets, ensuring the organisation’s attack surface is understood. 

• Define and test containment policies: Build muscle memory for rapid isolation during incidents. 

• Adopt segmentation early: Limit exposure and control east-west movement before a breach. 

• Refine continuously: Use visibility tools and post-incident reviews to strengthen defenses. 

The message was clear. Resilience is not achieved through tools alone, but through disciplined design and ongoing operational readiness. Many organisations understand the value of segmentation, yet the execution often falls behind due to complexity, legacy constraints, or uncertainty about where to start. The roundtable reinforced that platforms like Illumio can help simplify this journey, providing the visibility and structure needed to make segmentation practical and achievable as part of a broader Zero Trust approach. 

Next Steps 

The roundtable concluded with a shared recognition that breach containment is now a core requirement for every organisation. Building resilience requires visibility, preparation, and the ability to contain threats while maintaining business continuity. 

For organisations operating across both on premises and cloud native environments, now is the time to assess how well your architecture supports containment by design. If you would like guidance on strengthening visibility and building rapid response capability, our team can help. 

Learn how Cube Cyber and Illumio support organisations in building stronger containment strategies: Contact Us

The defining moments of a cyber incident are not measured by how many alerts were generated or how advanced your detections were. They are defined by what happens next. Who escalates? How quickly? Is the right person on-call? Is the scope understood? Is the communication plan clear?

In critical situations, performance depends on more than just having the right tools. What truly determines the outcome is how clearly your team can act, how fast they can escalate, and how effectively they can contain the threat. When pressure hits, teams don’t rise to the level of their technology. They fall to the level of their incident response plan.

The gap isn’t in the tooling. It’s in the operational readiness. And in cybersecurity, that’s where most of the real risk lives.

Common Incident Response Failures and How to Fix Them

Even well-resourced organisations can struggle to respond effectively if response readiness is not treated as a core capability. Detection may function as intended, but it is only the starting point. What follows determines whether a situation is contained quickly or escalates into a business-critical crisis.

Common breakdown points include:

• Undefined ownership in the first 15 minutes. There is confusion around who takes the lead and how quickly decisions can be made.
  
• Ambiguous escalation pathways. If a key individual is unavailable, it is unclear who steps in, leading to delays.
  
• Fragmented visibility. Logs are siloed, alerts lack context, and investigations stall due to missing or inaccessible data.
  
• Over-reliance on specific individuals. One or two people become critical dependencies, increasing operational risk.
  
• Manual communications and reporting. Critical minutes are lost compiling stakeholder updates rather than executing the response.

These aren’t failures of technology. They’re the result of untested, underdeveloped incident response processes and a lack of operational readiness. In most environments, it’s the assumption that plans will hold under pressure that becomes the greatest vulnerability.

Response Isn’t a Product. It’s a Capability.

Building a capable response function requires more than drafting a plan. It involves embedding response into the day-to-day fabric of operations and maintaining it through regular validation.

Organisations with mature cybersecurity risk management approaches typically do the following:

• Conduct structured response simulations, not just tabletop exercises
  
• Define clear roles and thresholds for escalation
  
• Test tooling in real-world conditions, not only during onboarding
  
• Centralise telemetry and make it actionable in real time
  
• Run formal post-incident reviews and adapt based on findings
  

This is where most teams fall short. They invest in tooling but don’t embed the response muscle to match. The result is a disconnect; visibility without action, alerts without ownership.

Five Tactical Questions to Assess Cybersecurity Readiness

If you’re unsure where to begin, here are five questions we ask when assessing an organisation’s readiness:

1. If a ransomware alert were triggered right now, who would respond, and how quickly?
   
2. Are your logs centralised, accessible, and useful during a live investigation?
   
3. Can critical incidents be escalated after hours without confusion or delay?
   
4. Do you have a consistent method for documenting incidents as they unfold?
   
5. Have you recently reviewed a past incident to identify and resolve gaps in speed or clarity?

If any of these questions are difficult to answer confidently, it may be time to prioritise a response maturity review.

Why a Hybrid SOC is Essential to Modern MDR

Effective Managed Detection and Response (MDR) is about more than just identifying threats. It’s about responding quickly and decisively when incidents occur. A Hybrid SOC model plays a critical role in enabling that response.

By combining internal knowledge with external expertise, a hybrid approach empowers teams to act with greater speed, clarity, and confidence,  all while maintaining visibility and control.

This model doesn’t replace your internal capability. It strengthens it, extending your team with the right people, processes, and insights to ensure you’re ready when it matters most.

Test Your First 30 Minutes With Our Experts

When an incident strikes, you don’t need more alerts,  you need a trusted partner who knows how to respond. Cube Cyber delivers just that.

Cube Cyber serves as a trusted cybersecurity partner for organisations that want to strengthen their response capability without increasing internal complexity. Our co-managed Managed Detection and Response (MDR) service operates as an extension of your team, providing 24/7 visibility, expert-led triage, and real-time escalation from our Brisbane-based Security Operations Centre.

Book your MDR Readiness Assessment to identify hidden gaps and get expert, actionable recommendations tailored to your environment,  before the next breach puts your team to the test.

Identifying cybersecurity vulnerabilities in your network is a crucial step in securing your digital assets. While a one-time vulnerability scan is beneficial, it’s crucial to avoid the misconception that a single scan ensures network security. 

With the increasing frequency and complexity of cyber threats, long-term cybersecurity requires ongoing efforts. Regular, full scans of your entire environment are essential. 

We advocate for a proactive approach, recommending the scheduling of full vulnerability scans at least once a month or following any significant ICT changes. Thanks to modern vulnerability scanning tools, these scans can be integrated into your routine outside of business hours, minimising disruptions to operations and staff. 

Nurturing a culture of vigilance

Cybersecurity is an ongoing process, and staying vigilant is essential. Regular vulnerability management brings numerous benefits: 

Continuous Adaptation to Threats 
The cybersecurity landscape is dynamic, with new vulnerabilities emerging regularly. An ongoing scanning service ensures that your organisation stays updated on the latest threats.  

Adapting to System Changes 
Networks are not static; evolving with changes in software, hardware, and configurations. Continuous vulnerability scans help identify threats caused by system changes, updates, or new installations.  

Timely Threat Detection 
Cyber attackers are relentless in developing new methods and exploiting vulnerabilities. Through regular scanning, your organisation can quickly find and address emerging threats before they have a chance to be exploited. 

Compliance 
Many industries and regulatory frameworks require regular vulnerability assessments. Engaging in an ongoing scanning service not only ensures compliance but also mitigates potential legal or regulatory issues. 

Prioritisation of Remediation 
Regular scans provide a prioritised list of vulnerabilities based on severity. This allows your IT and security teams to focus on addressing the most critical issues first, thereby enhancing the overall security posture of your organisation. 

Risk Management 
At its core, cybersecurity is about proactive risk management. Ongoing vulnerability scanning allows you to proactively manage and mitigate risks by identifying and addressing potential weaknesses before they can be exploited. 

Incident Prevention 
Identifying and addressing vulnerabilities proactively becomes a powerful tool in preventing security incidents and data breaches. Ongoing scanning ensures that your organisation stays ahead of potential threats and take preventative measures.

Security Hygiene 
Much like personal hygiene is essential for maintaining health, security hygiene is crucial for the health of your IT infrastructure. Regular vulnerability scans contribute to good security hygiene by keeping your systems and software up-to-date and secure. 

Cost-Effective 
Regular vulnerability scanning proves to be a cost-effective when compared to dealing with the aftermath of a security breach. The average cost of a data breach is $6.77 million, significantly exceeding the expense of implementing preventive measures through continuous scanning. 

Security Culture 
Establishing an ongoing vulnerability scanning service within your organisation fosters a culture of security. It emphasises the importance of proactive security measures and encourages a mindset of continuous improvement. 

Demonstrates Due Diligence 
Regular vulnerability scanning is a demonstration to stakeholders, customers, and partners that your organisation takes cybersecurity seriously. It shows that active steps are being taken to secure systems and protect sensitive information.

A proactive approach to Cybersecurity

Identifying and managing cybersecurity vulnerabilities requires a strategic blend of proactive measures and regular assessments.  

By partnering with Cube Cyber, monthly scans are effortlessly managed, sparing your valuable time. We can provide a fully Managed Vulnerability Service for your organisation, using market leading solutions from vendors, including Tenable. While we suggest monthly scanning, we understand flexibility is key. Adjust the frequency to suit your needs. Our monthly reports, featuring executive summaries in an easy-to-understand format, zero in on key risks and provide mitigation strategies tailored to your organisation.  

Our expertise takes the lead, ensuring your organisation stays ahead of potential threats, strengthening your security in the background, while you can focus on more strategic projects. 

If you would like more information on how an expert team like Cube Cyber can put Vulnerability Best Practices in place for you, contact us today. 

Our Managed Detection and Response (MDR) service is crafted to elevate advanced threat detection, investigation, and response capabilities, augmenting internal security measures.  

Cisco Umbrella takes centre stage in fortifying our defence strategy. 

At the heart of our defence strategy is Cisco Umbrella. It’s not just another tool; it’s a comprehensive shield to prevent ransomware, malware, phishing, and other cyber threats. It bridges visibility gaps, takes charge, enforces consistent rules, and alleviates the strain on security resources. 

We sat down with Andrew O’Shea, Principal Consultant at Cube Cyber to talk about the developments in the Cisco Umbrella technology and how it feeds into the greater resilience in the overall security service offer of their MDR.  

Here are five pivotal ways Cisco Umbrella empowers our MDR service: 

1. DNS-Layer Security

Using DNS, Cisco Umbrella stops malware in its tracks and prevents infected machines from connecting with attackers when connected to your network or working remotely. Adding an extra layer of defence, Cisco Umbrella routes risky domain requests to a selective proxy for URL and file inspection. This protects critical infrastructure without causing delays or performance issues. Additionally, Cisco Umbrella offers app discovery and blocking, providing visibility into cloud apps used across your organisation. Allowing you to find potential risks and effortlessly block applications. 

2. Security Service Edge (SSE)

As remote work becomes more common, Cisco Umbrella is a gateway to Secure Access Service Edge (SASE), bringing a host of benefits. With Cisco Umbrella, you can: 

• Bring access closer to users and the cloud edge, enhancing efficiency and reducing downtime. 
• Enjoy the ease of security in a single cloud solution and framework, streamlining your cybersecurity infrastructure. 
• Leverage a trusted as-a-service model for enhanced efficiency in managing security protocols. 
• Streamline policy enforcement and deployment, making it straightforward to manage and adapt to changing security needs. 
• Ensure 24/7 fast, secure internet, and cloud app access, supplying a seamless and protected digital experience for users. 

3. Anytime, Anywhere Protection

Tackling the complexities of varied user locations and device usage, Cisco Umbrella provides visibility, regulates app usage, prevents data loss, and ensures swift and secure internet access. With risks such as phishing and malware, it safeguards remote workers, fortifies branch offices, and manages cloud app usage seamlessly, without the need for extra hardware. 

4. Real-Time Threat Detection/Prevention

Cube Cyber amplifies its Managed Detection and Response capabilities through the integration of Cisco Umbrella, creating a formidable defence against evolving threats. 

Swift Identification and Blocking: Thanks to Cisco Umbrella, Cube Cyber can swiftly spot and block threats in real-time. For example, picture a scenario where a user accidentally visits a malicious website. Cisco Umbrella, armed with its DNS-layer security, catches the threat right at the first interaction, stopping the user from stepping into a potentially harmful situation. 

Halting Phishing Attempts: In another situation, if a user inadvertently clicks on a phishing link, Cisco Umbrella’s real-time threat intelligence kicks in. It identifies the malicious activity and takes quick action, shielding users from falling for phishing attempts. 

Preventing Malware Infiltration: When an employee downloads a file carrying malware, Cisco Umbrella’s selective proxy and real-time file inspection jump into action. They scrutinise the file, uncover malicious content, and prevent the malware from sneaking into the network. 

With Umbrella in play, organisations experience a 45% drop in threats and an impressive 83% faster resolution of threats. 

5. First Point of Action in Incident Response

Cube Cyber strategically positions Cisco Umbrella as one of the first lines of defence when a business faces compromise. The reason behind this strategic decision is rooted in Cisco Umbrella’s widely recognised reputation as a top-notch product in its class. 

Proactive Threat Mitigation: If a site is compromised, Cisco Umbrella acts as a vigilant guardian. Using its DNS-layer security and real-time threat intelligence, it detects and neutralises potential threats right from the start. 

Rapid Response to Emerging Threats: Cube Cyber counts on Cisco Umbrella to stay ahead of new threats, ensuring our initial response is armed with the latest threat intelligence and robust security measures. 

Reputation for Effectiveness: Opting for Cisco Umbrella as a first line of defence isn’t just a strategy; it’s a commitment to the best in the industry. The proof is in the numbers – over 26,000 companies trust Umbrella for robust threat protection. 

Cube Cyber’s MDR Service

Synergies with MDR Offerings: Cisco Umbrella integrates seamlessly with Cube Cyber’s MDR service, enhancing threat detection and response. For instance, Umbrella’s DNS-layer security complements Cube Cyber’s monitoring, creating a strong defence. 

Unified Threat Intelligence: Integrating Cisco Umbrella establishes a unified threat intelligence framework at Cube Cyber. This blends Umbrella’s insights with Cube Cyber’s existing threat intelligence, creating a more robust detection and response system. 

Synchronised Incident Response: In a security incident, Cube Cyber’s MDR service taps into Cisco Umbrella’s synchronised response. Threat indicators go straight to Cube Cyber’s team for a quick and coordinated response. 

Cube Cyber’s MDR service is your go-to for top-notch cybersecurity. We keep things flexible with per-user monthly billing, tailor-made reports, and round-the-clock monitoring. What sets us apart? Our commitment to making cybersecurity comprehensive, easy to access, and all about you. We’re not just a service; we’re your dedicated partner in keeping your digital world secure and stress-free. 

Our mission is to support your business in preventing, detecting, and responding to any kind of cyber threat.

Contact us to get started protecting your business. 

As more organisations are moving to online working, now is a good time to learn more about cloud computing, and how it can help your business.

What is cloud computing?

Simply put, cloud computing is using programs and storing data online, rather than using your computer’s hard drive. Local computing or storage systems will use programs and store data directing to your computer, whereas cloud computing runs all these programs over the internet.

Cloud computing types include data storage, software, application hosting, databases, servers, and online programs, such as Google Drive or Microsoft Office Online. These web-based systems mean that users can access the same files from any location or device.

Types of cloud computing

There are numerous ways cloud computing works. Types of services include:

Software as a service (SaaS)

Software a service applications are typically run on subscription or pay-as-you-go models. They allow users or members of the same team to work on files simultaneously. Teammates can collaborate on the same file, which is updated in real time, so users will always have access to the most recent version. Examples of SaaS are Microsoft Office 365 and Google Workspace.

Platform as a service (PaaS)

Similar to SaaS, platform as a service (PaaS) allows you to create a service that is used over the web. Cloud based resources such as APIs, web portals and gateway software are used by software developers. This is the more multifaceted form of cloud computing. Examples include Salesforce and Google App Engine.

Infrastructure as a service (IaaS)

Infrastructure as a service uses cloud-based servers, rather than traditional physical systems, to deliver a range of services such as storage and servers. Examples of IaaS include Amazon Web Services, Microsoft Azure and IBM Cloud.

Examples of cloud computing

Google Drive

Google drive is a cloud-based storage service, where users upload files directing over the internet. These files can be accessed from any location or device connected to the internet. With the ability to gain access to files from your phone, laptop or tablet, Google Drive is an efficient way to work remotely and data is easily accessible.

Other Google Apps

Many of Google’s applications are cloud-based, such as Google Sheets, Google Docs, Google Calendar, Gmail, and Google Maps. Being able to access these apps from anywhere makes it easier and quicker to access data and work productivity.

Microsoft Office 365

Microsoft Office 365 is great for businesses of all sizes to work collaboratively and access systems from any location. Co-workers can use Microsoft Office email, work on the same projects, and share information and files amongst the team. This is a subscription-based service, with varying prices depending on how many users it is for.

Dropbox

Dropbox has been around for years and is a service that allows users to upload and store files over the internet. These files can be synchronised and shared amongst users. Prices start from AU$18.69 per month for individual users to AU$33 per month for larger teams.

Salesforce

Salesforce is one of the world’s leading providers in cloud computing, allowing users to access CRM, sales, marketing automation, commerce, ERP, analytics and more.

Apple iCloud

For Apple users (and those using Windows devices), iCloud synchronises all your data onto a virtual server. This includes emails, photos, messages, your calendar, contacts, and backups. This is a storage based system which allows you to have a backup of your files.

Cloud Security

Cloud computing stores data via three different methods; public, private and hybrid.

Public cloud

Public cloud providers use the internet for their storage and web services. Your data will be handled by a third party and you will receive a portion of the cloud service, over a shared infrastructure. For larger companies it may not be wise to share sensitive data over a public system, although advantages are that you will be getting up to date services at a cheaper price.

Private cloud

Instead of storing all data over the internet, a private cloud system is installed within your company. This will be conducted by an in-house IT team and can be a great option for bigger corporations with large amounts of data or any company wishing to have a higher level of security.

Hybrid cloud

As the name suggests, this cloud service provides both public and private cloud based systems. This is a flexible way to store the most confidential information on the private cloud and general data on the public cloud. The private cloud will be managed by the organisations own IT team.

Positives of cloud computing

Flexible working

One of the biggest benefits of cloud computing is the flexibility and efficient way of working it offers. Employees can access services from any device and any location. When previously many systems could only be accessed from the office, which had the software installed, staff can now work from anywhere. This is especially important now as many more people are working remotely.

Up-to-date files

With programs such as Google Docs and Microsoft Office 365, teammates can be assured that they are working on the most up to date file and can do so simultaneously. This seamless workflow can mean projects can get completed faster and better communication is had amongst the team.

Cost efficient

Although cloud computing is still an expense, it is also predicable. You know how much money is coming out of the account each month, making budgeting easier. Rather than paying for an expensive server and the expertise to run it, businesses can work more efficiently when managing a monthly subscription.

Your data is backed up

One of the benefits of cloud security is that if your system crashes, you should be able to retrieve your data. A cloud backup service is different from a cloud storage service, which will allow you to store any files you upload to it. A cloud backup will allow you to restore data which has been lost or damaged.

Negatives of cloud computing

With potentially sensitive information being stored in the cloud, there will always be some vulnerabilities to watch out for. If the cloud service provider crashes from a bug, power cut or cyber attack, then company data can be lost.

There is also the rapid development of the Internet of Things (IoT). Smart devices and anything which uses the connection to the internet can be a vulnerability path into your network and cloud services.

A main concern for many business owners is how exactly their data is stored in the cloud. Before paying for a cloud service, you should be asking the right questions. Ask them how they will store your data and who has access to it. Be sure they are following security protocols, have a good support service and ask which methods they use to keep your data safe.

Cloud computing is evolving as technology evolves. This is the new way to work and as long as you are using good cyber security measures to protect your cloud services, then you are in a good position.

At Cube Cyber we help businesses protect themselves when using cloud based services and can help you stay protected whilst online.

Find out more on how we can help your business.

What is GDPR?

First of all, what actually is GDPR? The GDPR is short for General Data Protection Regulation. It was brought in by the European Union on 25th May 2018. The regulations were created to give individuals more control over their personal data and to ensure businesses comply with how they handle personal customer data. This data could include name, address, IP address, phone number, email address or location data.

It is worth noting that an IP address or a transaction ID alone is not enough to identify an individual. However, if you only collect this information the rules are likely to still apply to you. While this data seems anonymous, if you were to cross-reference a transaction ID with your online store data, the individual could be identified. Therefore, the GDPR regulations will still apply, even though you may not be openly collecting personal information.

If you are collecting detailed personal information such as gender, biometrics, ethnicity, or personal data about children, then you will need to be extra careful when handling this data.

Is GDPR relevant to Australian businesses?

Even though you may not be a business in the EU, you may still have to comply with GDPR regulations.
Any business, no matter where you are in the world will need to comply with GDPR if they process any personal data from a person living in the EU. This could be a client, customer or even someone signing up to your online newsletter or visiting your website.

For Australian organisations it is likely that you will be dealing with customers or suppliers who are from the European Union. If this is the case, then GDPR regulations will apply to you.

The basic values or rules concerning GDPR is that you must tell the person that you are collecting their data, what specific data you are collecting and how you will use that data. You must have a lawful reason to collect someone’s data and only use the data for the reasons you have told them. You must get an individual’s consent before collecting any personal data from them.

For example, if someone is signing up to an email newsletter, you must include consent boxes for email marketing, if any future emails will be used to advertise or promote your business. If you state to the customer that by putting in their name and email, they will get some sort of ‘freebie’ or a monthly newsletter with tips for businesses, you cannot then use that email for advertising purposes, as that is not what the person signed up for. You will need a consent box that clearly states by adding their email, they may receive advertising and promotional emails. It is up to the individual to decide and if they do not want such emails, so you must only send emails for the reasons you have stated in the sign up form.

The data should be secured safely and not be held for any longer than need be. You should have a detailed privacy policy which is easy to read and understand, outlining what information you are collecting and what you are doing with it. You also need to state that you will delete all personal data upon an individual’s request.

GDPR cyber security

In terms of GDPR cyber security, you will need to ensure that personal data is processed and stored securely, in order to lower the risk of any data breaches. Not only does a major data breach hurt a company’s reputation, you may also be liable for a hefty fine (up to €20 million or 4% of worldwide yearly income), if you have not fully complied with GDPR regulations. This is enough for cyber security professionals to up their game and to ensure businesses have the best protection to prevent any data loss.

Organisations should make sure that only authorised staff can access any personal information from customers or suppliers. Limiting the amount of people who can access that data and ensuring only those who need the data for their jobs are allowed access, can help prevent accidental data breaches. Those employees who do have access to sensitive customer data should also have training on how to handle, store and send any data and to make sure it complies with your privacy policy.

Any data you collect that can be adnominalized or ‘Pseudonymised’ should be. This will make it harder to identify individuals. Whether you are the controller (the person who decides what data is collected and how) or the processer (the person collecting, storing, and organising the data), you are liable if any information is leaked. If you are working with a third-party processer, such as Mail Chimp for email marketing, then you should ensure they also are complying with GDPR regulations.

Data Loss Prevention (DLP) devices should be implemented to ensure that data is kept secure and personal information is not shared outside the company. In case of an unfortunate data breach, you must have an incident response plan already in place. This sets the groundwork for how you deal with a cyber attack, from identifying the attack and what data has been lost, to containing the attack, notifying the Data Protection Authority, and then recovering and learning from the incident.

For the best protection for GDPR cyber security, it is best to have a multi layered security solution. Firewalls will help prevent malicious software from entering or leaving your network, endpoint protection will help secure all devices (or entry points) into the network, VPN’s and other encryption tools will ensure data is kept secure and cloud security will protect data storage. Managing and monitoring threat detections is also key to preventing any attempted attacks early.

Risk assessment and vulnerability scans need to be performed to assess cyber security solutions and to make sure everything is working correctly.

If you are worried about GDPR cyber security, or would like advanced protection for your organisation, then get a quote with Cube Cyber today, and our friendly experts will talk you through everything.

What are managed security services?

A managed security service provider (MSSP) will provide security protection to your business, usually remotely, and will oversee all of the cyber security measures needed for the business. They can help with anything from finding vulnerabilities in your business, to implementing cyber protection, and then managing that protection 24/7.

Common services include cloud protection, firewalls, endpoint security, intrusion detection, anti-virus security, email security, VPN’s (virtual private networks), and monitoring. This protection is usually in the form of software-as-a-service (SaaS), meaning you do not have to employ a dedicated IT team to run your cyber security.

How can managed security services help your business?

Expertise and knowledge

One of the main benefits of hiring a managed security service provider is that your business will gain access to industry experts who have been professionally trained in cybersecurity. For small and medium sized businesses (SME’s) who may not have a dedicated team of IT experts, then managed security services can help immensely.

Outsourcing your cyber security to a team with industry expertise, specific knowledge and experience can mean you are getting the best protection for your company.

Cost effective

Using managed security services can be cost effective in several ways. First of all, it eliminates the need to hire, train and keep an in-house team of IT professionals. The cost of hiring a team and providing ongoing training can much outweigh the cost of managed IT services. Hiring an MSSP means you get 24/7 protection, whilst knowing exactly how much is coming out of the budget each month.

Latest technology

With an MSSP, you get access to the latest technologies and the best applications for your cyber protection. With cyber attacks evolving at an alarming rate, you want to be sure that your business is receiving the latest in cyber protection.

Focus back on the business

By using managed security services, you are able to put your attention fully on the business and the goals you are aiming for. Instead of trying to fix time-consuming tech issues yourself, resulting in slower business operations, you can put more time into growing your business and meeting goals.

24/7 security

By hiring a MSSP, you can have peace of mind that your business is being protected day in, day out. Efficiency is improved via automatic detection and vulnerability scans. If a threat is found, you can be assured of a quick response time. With some cyber applications, the longer it is installed, the better the system recognises abnormalities or suspicious behaviour. Threats can be seen sooner, before they infiltrate your network.

What can managed security services help with?

Next Generation Firewall Security

Installing firewalls is essential for any business. They can stop harmful or malicious content from entering and leaving your network. This is particularly important if your business handles customer data or sensitive company information. Firewalls should be one of the first lines of defence.

Cloud Security

If you are using any cloud-based systems, then you will want to ensure you have some cloud security in place. Cloud applications can include systems such as Office 365, Google Docs and OneDrive. Cloud security will protect your data being stored over the cloud, using the latest technologies and controls.

Backups and reports

A managed service provider can do all the hard work for you, including regularly backing up your data and providing easy to understand reports. This can help save you time to focus on other areas of the organisation.

Monitoring

Regular monitoring and patch work will all be carried out by the third party provider. You do not have to worry about updating systems and checking that they are working ok, that is all taken care of for you.

Anti-malware

Advance malware protection is a necessity to protect your organisation against malicious websites, downloads and spyware that can destroy your business. A MSSP can provide the latest technologies to detect known and unknown malware.

Email security

Email security is vital, since most cyber attacks are caused by someone in a company opening a phishing email. The simple act of clicking on a malicious link via an email can cause a major data breach, even within a large corporation. Managed security services can ensure that all emails are scanned, filtered and clean of malicious content before arriving in your inbox. At Cube Cyber, we work with CISCO systems to give our customers the best protection available.

Vulnerability management

Vulnerability management will scan your devices and network for any vulnerabilities, evaluate any risks, and then decide on how to deal with those threats. Vulnerability scans will provide reports of the strengths of the risks and prioritise what needs to be dealt with first.

Conclusion

Cyber security requires an understanding of the current threats, the best cyber practices, technological cyber solutions and how to measure, report and implement defence plans. For smaller businesses without the expertise, time, or budget for an in-house IT team, using managed security services is an appealing and cost-effective way to stay cyber secure.

At Cube Cyber we provide managed services, using the latest technologies and trusted world-class partners. If you would like a quote for your business, then please get in touch with one of our experts today.

By employing good simple Office 365 security methods, your company will be placed in a much better position from a cyber security point of view. As more and more staff members are working online and via cloud-based systems, it is important now more than ever to implement a good cyber security policy. By securing Office 365, you are helping to keep your data as safe as it can be online.

Below are some helpful Office 365 security tips and ways to keep your business secure.

Why Office 365 is a target

Firstly, why is Microsoft Office 365 a target for cyber crime? Well, being a highly popular cloud-based (and particularly email) application, Office 365 is a prime target for phishing attacks. Millions of user’s log-in to Office 365 everyday, which makes it easier for cyber criminals to hack into this one system. With so many people using the same system, the rewards for hackers can be just too tempting.

Back in 2016, Skyhigh Networks research reported that out of 600 enterprises and 27 million customers, 71% of corporate Office 365 users had at least one account compromised every month. As technology advances, so does the sophistication of phishing and other cyber attacks.

Every organisation is at risk of a security breach, but particularly small and medium sized enterprises (SME’s), who may have only limited security measures in place. Office 365 security measures may not be good enough, unless you pay extra for additional add-ons, such as the Advanced Threat Protection (ATP). This is available under the enterprise subscription or users can pay for each additional security measure separately. You can imagine this can become fairly costly, quickly.

For users wishing to add advanced cyber security measures for securing Office 365, hiring an expert firm to go through your individual needs could be a better option. Many businesses opt for managed security to help keep their customer and company data safe and secure.

Microsoft Office 365 security tips

Secure passwords

Having strong passwords is essential. Instead of getting staff members to change their passwords regularly or using complex passwords such as ‘!$4763&-(37653@’, you should encourage the use of passphrases. Although complex passwords such as the previous example are strong, there is always the chance for a computer system to generate millions of random letter and number sequences. Although it is unlikely that these complex passwords will be hacked, it is likely however that these passwords will be written down or saved somewhere by the user.

A passphrase is a series of random words, such as ‘fool foil village gravy2’ is much harder for computers to guess, and much easier for users to remember.

Staff training

There is no point in having added security measures if your staff do not know how to use them. Staff should be aware of the most common cyber security threats, the best Office 365 security measures, how to create a strong password and how to use the systems security measures on their devices.

Securing Office 365 should include training how to spot phishing attacks, as these are commonly reported. If staff know the signs to look for when spotting a phishing attack, it is far less likely that they will click on a malicious email link.

Use Multi-Factor Authentication (MFA)

Using multi-factor authentication is one of the best Office 365 security measures you can initiate. Staff members will have to enter another form of login (usually a code sent to their phone), as well as their usual password and username.

This extra step (or multiple steps) adds another layer of security, even if passwords are not particularly strong. Hackers will find it hard to gain access to the user account, as they will not have the use of the user’s phone, which the code is sent to. MFA is one of the most effective ways to secure your organisation.

Protect against malware

Microsoft Office 365 does come with malware protection included; however it is worth going one step further by blocking attachments with file types frequently used by hackers. You should block any file types which are commonly used to inflict malware on systems, so the email is blocked before it even reaches a user’s account. Common suspicious filetypes usually come in the forms of EXE, CHM, CMD, COM, JS, BAT, CPL, VB and VBS.

How to block certain file types from your Office 365 application:

1. Go to the Security & Compliance Centre and go to the left navigation panel. Click ‘Threat Management’ then ‘Policy’, then ‘Anti-Malware’.
2. Click on the default policy and edit.
3. Click Settings.
4. Go to ‘Common Attachment Types Filter’ and switch to ‘On’. Below this, you are able to add or remove file types that are blocked. Then click save and you are done.

Protect against ransomware threats

Ransomware attacks are one of the most common attacks on businesses. Files will be encrypted by hackers, who will then demand a ransom (usually in a cryptocurrency such as Bitcoin), or even threaten to publish your files online. The files will be compromised until the ransom is paid and you are given the encryption key.

To help prevent ransomware, you are able to set up rules for email which will block the common file types associated with a ransomware attack. For a helpful video on how to do this, please see Microsoft’s training video.

You should also ensure that there is a warning given to staff members before they are about to open an email which contains macros (ransomware is often hidden within these). Be sure to install next-generation endpoint protection for added protection.

Use spam notifications

If a hacker is able to gain login credentials during a phishing attack, they may send out many emails to a user’s contacts. These emails will often contain spam or malicious links. Office 365 security measures should include setting up a notification for when an email has been sent out excessively from a user or contains spam. This will give you a heads up on suspicious activity and a chance to warn your staff members not to open an email sent from the compromised employees account.

Stop email auto-forwarding

If a cyber criminal has gained access to a user’s login credentials, they can easily set up auto-forwarding of that user’s emails. Malware can be attached to these emails, which will be sent out to other employees around your organisation.

To stop this, you can set up an email flow rule which prevents emails being automatically forwarded to an external network. Here is how to set up a mail flow rule:
1. Go to Exchange admin centre.
2. Click ‘mail flow category’ and then ‘rules’.
3. Click the t ‘+’ icon, and ‘create a new rule’.
4. Go down to ‘more options’ to see the full list.
5. Apply the settings you want in the table. Unless you want to change anything else, then leave the rest as the default option. Then save your settings.

At Cube Cyber we have a friendly and dedicated team of experts to help with Office 365 security, and much more. To talk to one of our security experts, please call 1300 085 366 or visit out contact page.

As well as this, a surprising 59% of small business owners reported that several members of their staff are using personal devices when working from home. SME’s have always been at risk from cyber attacks, but that risk is rapidly rising throughout this pandemic.

The Rise in Cyber Attacks During the Pandemic

2020 has been a challenging year for most, with statistics from the OECD showing all countries other than China to be experiencing a recession and the global economy estimated to fall by 4.5%. Organisations are struggling to cope with the demanding changes needed for their business and having to adapt quickly to members of staff working from home. This brings about new challenges for cyber security.

If anything, we have seen just how important IT cyber security is and how much of our organisations do rely on digital devices and systems. Cyber criminals have only jumped on the opportunity that has arisen, with more staff working from home, often on personal devices or over unsecure networks, this vulnerability is dangerous.

Cyber criminals will often employ business email compromise (BEC) scams, sending scam messages via email, instant message, text message and social media, to illegally steal data or money from businesses. There has been a substantial increase in BEC attacks since the start of the pandemic. According to the Australian Cyber Security Centre (ACSC), over $142 million was lost in the 2019/20 financial year with 4355 reports of email scams.

Phishing emails are particularly popular amongst cybercriminals, and in smaller sized enterprises, where staff may have not had sufficient training in IT cyber security measures, the chances of an employee clicking on a malicious link is greatly increased. Any devices used at home or at work will also need to be protected.

In the UK, according to Hiscox, 65,000 cyber attacks are attempted every day. The Australian Cyber Security Centre (ACSC) reported back in 2019 that a high percentage of Australian SME’s will not have adequate cyber security practices in their organisation. SME’s play a crucial role and are known as the backbone of the Australian economy, so IT cyber security is essential for organisations of all sizes.

Many small to medium size enterprises simply are not aware of the risks of cyber threats, perhaps thinking this is only something to worry about in much larger corporations. Before companies can implement good IT cyber security practices, they really need to understand the risks associated to their business. IT cyber security measures will ensure every part of your business is protected and can respond quickly and effectively should any threat arrive.

IT Cyber Security & Preventing Attacks

There has never been a better time to implement strong and capable cyber security systems in your organisation. Examples below indicate the cyber security measures you could be taking, to ensure your business is well protected.

Use strong passwords

Ensure every member of staff is using strong passwords and not reusing the same password for multiple devices or systems. Ensure passwords are updated and changed regularly and any default passwords are changed.

Be careful when working in the cloud

More SME’s are working online in the cloud, sharing, and receiving important documents and sometimes sensitive data over the cloud, which could pose the threat of an increased vulnerability. Working with a cloud service provider (CSP) or cybersecurity firm can provide you with the support you need and help you better protect your business.

Ensure staff are being vigilant

Educating staff and initiating staff training on IT cyber security best practices is one of the best things you can do to protect your organisation from a cyber threat. Make sure employees are aware of the increasing amount of attacks and to watch out for potential fraudulent emails, such as those with an urgent call to action, strange wording or links or emails asking you to send a payment. If they are unsure, they should double check the email before clicking on any link.

Use multi-factor authentication (MFA)

Multi-factor authentication is an automated authentication technique where the user will be asked to verify two or more ways to login to a system, for example you may provide a password and then a code which has been sent to your phone. This preventative measure is a great way to ensure devices and data are secure.

Implement a cyber security policy

It is a good idea to have a cybersecurity plan and policy across your company. You should have an emergency plan, in case of the unfortunate event of a cyber security attack and ensure all members of staff are informed about the cyber security measures that have been put in place. Hiring an Information Security Officer (ISO) who oversees the security policy or outsourcing your cyber security to an expert firm is a great way to safeguard any potential threats to your organisation.

Make certain remote access is secure

It is always a good idea to keep remote access at a minimum if you can. With more people working from home nowadays, it is vital that remote connections are secure and properly encrypted.

Keep data backed-up

Help protect your business and data from ransomware attacks by performing regular backups and keeping those files offline. You should also try to have two versions of your backups for even further protection.

If you are a small or medium sized business looking to update your cyber security, why not try a free trial with Cube Cyber today. We have expert professionals ready to help you and your organisation implement secure cyber security solutions.

Small and medium sized enterprises are having to deal with a wealth of new problems that working remotely brings; everything from insecure home-networks, staff using personal devices, sharing of sensitive information over the cloud, complying with legal guidelines and using shared family computers for work.

SME’s have had to quickly adapt to this new way of working and in the meantime, cybersecurity can easily be overlooked. However, teams working remote can be one of the biggest risks in cyber security. Cyber threats are often underestimated, and it is easy to forget the risk whilst working from your kitchen table.

Staff need to be aware that the same cyber security measures are just as important when working from home as they are in the office.

Hackers and cybercriminals are taking advantage of the vulnerabilities that have arisen from working remotely, so it is vital that employers and staff are all aware of the risks and ensure safe cyber security measures are being put in place, when working from home.

Here are 11 cyber security tips for SME’s working remotely:

Use company devices

Use a company owned laptop or device that is properly secured to reduce the risk of data breaches when managing sensitive information and data online. This is a far better way of safeguarding than employees using a variety of personal devices which could have outdated software and security measures.

If you are running an SME and simply do not have the means to provide every member of staff with their own device, then think about employing a secure remote desktop service. Providing employees laptops have the adequate amount of protection, this solution means all of the data will be stored on the office device and staff members personal devices are merely acting as a display.

Install internet security at home

If employees are using personal devices whilst working remotely then it is a good idea for them to install internet security at home. The usual home internet security antivirus software may be too basic for staff working for home. It is important that all home computers are just as secure as those in the office.

Be aware of common scams

It is important to know what the most common cyber security scams are, so you know what to watch out for. Small and medium sized enterprises can be in a particularly vulnerable position if they are not aware of the threats to their organisations. Being aware of how such threats work, for example spear phishing attacks, increases the likelihood that you will spot the threat before it is too late.

Ensure the safety of your devices

We are not just talking about internet safety here; you also need to make sure your devices are physically safe and not being put in a position where they could be easily stolen. Whilst most of this is pure common sense, it is also just as easy to get lapse with our judgement, particularly if we are not used to working from home, and in a more relaxed environment. Those of you who have young children need to be particularly vigilant that your work computer does not fall into the wrong hands! Devices should automatically lock if you are not using them, and ensure they are not left on when out of the room, especially if there are kids around. Preferably when leaving the house, any devices with sensitive work-related information on should be secure in a locked room.

Avoid using USB thumb drives

Portable storage devices should be avoided if possible. If a member of staff saves confidential and sensitive information to a USB thumb drive, and then looses it, the chances are there for anyone to pick it up- and you certainly don’t want that information falling into the wrong hands. On another note, USB drives have been known to have been placed by hackers near the place they are trying to attack, in an attempt for colleagues to pick up the drives and plug them into staff computers to find disruptive malware which will lock their system. Shockingly, this happens more than you might think.

Use secure VPN’s

Virtual private network’s (VPN’s) allow a secure and encrypted communication between a device and a remote network. This is an excellent way to secure private information being compromised if a hacker is stealing data from public Wi-Fi services or attempting to attack an unprotected private home network. When choosing a VPN ensure that your data is properly secure and will not be passed on to a third party.

Two factor authentications (2FA)

Two factor authentication (2FA) provides an extra level of protection when logging in to secure networks. You may need to provide a username and password, and then again, another method of identity such as a code from a SMS message. This means that if a hacker gains access to your password, they still will not be able to login using your credentials, as they do not have access to your phone.

Backup data

All company data should be regularly backed (preferably a double backup) and stored in an offline location. This is a vital way of protecting data in case of a ransomware attack. In such an attack, the hackers will steal your data and demand a ransom in order to get it back. If you are running a small enterprise, you may not have the funds for the ransom and may be at risk of loosing important data.

Setup firewalls

All your networks should have a firewall installed to protect your computer from potentially harmful sites. Firewalls are essentially filter’s, they control all the information coming in from other sites and computers, allowing some communication through and restrict what it believes to be harmful threats. At Cube Cyber we have next generation firewall services that can help you block threats and reduce costs.

Keep updated and patch systems

Old and outdated software has vulnerabilities that hackers can easily use to get into your computer. All operating systems need to be regularly patched and updated to help keep your business secure. Hackers will always find weak points in devices and networks using outdated software, so it is important that systems are updated as soon as a new update comes out, or better yet install auto updates.

Get the right training

The weakest link in cyber security is usually the human factor. People make mistakes, even the smartest amongst us will occasionally click on a dodgy link after being fooled into think it was something else. Good training on cyber security is essential for the safeguarding of company information. Staff members need to be aware of phishing attacks and what to look for in a spammy email, which can look incredibly realistic at times. Regular training sessions and keeping staff up to date on the latest cyber threats will reduce the risk of someone unknowingly giving away sensitive company information.

Using these cyber security tips should help to implement good protection measures across your company. If you found this article useful, then give it a share and let us help spread good cyber awareness across the board.