CubeCyber Team – Cube Cyber, https://cubecyber.com, Your Online Security Experts. Feed built Wed, 31 Jan 2024 01:24:45 +0000.

Best Practices for Vulnerability Management
https://cubecyber.com/best-practices-for-vulnerability-management/
Wed, 31 Jan 2024 01:24:38 +0000

What’s the best practice when it comes to finding and managing cybersecurity vulnerabilities in my network? This is one of the most frequent conversations we have with new clients.

Identifying cybersecurity vulnerabilities in your network is a crucial step in securing your digital assets. A one-time vulnerability scan is beneficial, but it is a misconception that a single scan secures the network.

With the increasing frequency and complexity of cyber threats, long-term cybersecurity requires ongoing efforts. Regular, full scans of your entire environment are essential. 

We advocate for a proactive approach, recommending the scheduling of full vulnerability scans at least once a month or following any significant ICT changes. Thanks to modern vulnerability scanning tools, these scans can be integrated into your routine outside of business hours, minimising disruptions to operations and staff. 

Nurturing a culture of vigilance

Cybersecurity is an ongoing process, and staying vigilant is essential. Regular vulnerability management brings numerous benefits: 

Continuous Adaptation to Threats 
The cybersecurity landscape is dynamic, with new vulnerabilities emerging regularly. An ongoing scanning service ensures that your organisation stays updated on the latest threats.  

Adapting to System Changes 
Networks are not static; they evolve with changes in software, hardware, and configurations. Continuous vulnerability scans help identify threats introduced by system changes, updates, or new installations.

Timely Threat Detection 
Cyber attackers are relentless in developing new methods and exploiting vulnerabilities. Through regular scanning, your organisation can quickly find and address emerging threats before they have a chance to be exploited. 

Compliance 
Many industries and regulatory frameworks require regular vulnerability assessments. Engaging in an ongoing scanning service not only ensures compliance but also mitigates potential legal or regulatory issues. 

Prioritisation of Remediation 
Regular scans provide a prioritised list of vulnerabilities based on severity. This allows your IT and security teams to focus on addressing the most critical issues first, thereby enhancing the overall security posture of your organisation. 

Risk Management 
At its core, cybersecurity is about proactive risk management. Ongoing vulnerability scanning allows you to proactively manage and mitigate risks by identifying and addressing potential weaknesses before they can be exploited. 

Incident Prevention 
Identifying and addressing vulnerabilities proactively is a powerful tool for preventing security incidents and data breaches. Ongoing scanning ensures that your organisation stays ahead of potential threats and takes preventative measures.

Security Hygiene 
Much like personal hygiene is essential for maintaining health, security hygiene is crucial for the health of your IT infrastructure. Regular vulnerability scans contribute to good security hygiene by keeping your systems and software up-to-date and secure. 

Cost-Effective 
Regular vulnerability scanning proves cost-effective when compared to dealing with the aftermath of a security breach. The average cost of a data breach is $6.77 million, significantly exceeding the expense of implementing preventive measures through continuous scanning.

Security Culture 
Establishing an ongoing vulnerability scanning service within your organisation fosters a culture of security. It emphasises the importance of proactive security measures and encourages a mindset of continuous improvement. 

Demonstrates Due Diligence 
Regular vulnerability scanning is a demonstration to stakeholders, customers, and partners that your organisation takes cybersecurity seriously. It shows that active steps are being taken to secure systems and protect sensitive information.
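The prioritisation and month-to-month tracking described in the list above, as an added example that is not Cube Cyber’s code: it reads two constructed monthly scan exports in a generic CSV layout (real scanner exports, Tenable’s included, use their own columns), scores each finding by CVSS with an assumed 1.5x weighting for internet-facing hosts, and reports what is new, fixed, or still open since the previous scan.

```python
"""Added example (not Cube Cyber's code): rank findings from two monthly
vulnerability scan exports and show what is new, fixed or still open.
The CSV layout, host names, plugin IDs, scores and the exposure weighting
are constructed for illustration; real scanner exports differ."""
import csv
import io
from dataclasses import dataclass

# Constructed sample exports in a generic "host,plugin_id,title,cvss,exposure" layout.
LAST_MONTH = """host,plugin_id,title,cvss,exposure
web01,10001,Outdated TLS library,7.5,internet
web01,10002,Directory listing enabled,5.3,internet
fs01,10003,SMBv1 enabled,8.1,internal
fs01,10004,Missing OS patches,9.8,internal
"""
THIS_MONTH = """host,plugin_id,title,cvss,exposure
web01,10001,Outdated TLS library,7.5,internet
fs01,10003,SMBv1 enabled,8.1,internal
app02,10005,Default admin credentials,9.8,internet
"""


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str
    title: str
    cvss: float
    exposure: str  # "internet" or "internal"

    @property
    def key(self):
        # A finding persists when the same plugin fires on the same host again.
        return (self.host, self.plugin_id)


def parse_export(text):
    """Parse one CSV export into Finding records."""
    rows = csv.DictReader(io.StringIO(text))
    return [Finding(r["host"], r["plugin_id"], r["title"], float(r["cvss"]), r["exposure"])
            for r in rows]


def risk_score(finding):
    """CVSS weighted by exposure: internet-facing findings count 1.5x (assumed weighting)."""
    weight = 1.5 if finding.exposure == "internet" else 1.0
    return round(finding.cvss * weight, 2)


def prioritise(findings):
    """Highest risk first; ties broken by host name for a stable report."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.host))


def diff_scans(previous, current):
    """Split the current scan into new, fixed and persisting findings, each prioritised."""
    prev = {f.key: f for f in previous}
    curr = {f.key: f for f in current}
    new = [curr[k] for k in curr.keys() - prev.keys()]
    fixed = [prev[k] for k in prev.keys() - curr.keys()]
    persisting = [curr[k] for k in curr.keys() & prev.keys()]
    return prioritise(new), prioritise(fixed), prioritise(persisting)


def run_report(previous_text=LAST_MONTH, current_text=THIS_MONTH):
    """Plugin IDs per category, in priority order, for the two embedded exports."""
    new, fixed, persisting = diff_scans(parse_export(previous_text), parse_export(current_text))
    return {"new": [f.plugin_id for f in new],
            "fixed": [f.plugin_id for f in fixed],
            "persisting": [f.plugin_id for f in persisting]}


if __name__ == "__main__":
    new, fixed, persisting = diff_scans(parse_export(LAST_MONTH), parse_export(THIS_MONTH))
    for label, items in (("NEW", new), ("PERSISTING", persisting), ("FIXED", fixed)):
        for f in items:
            print(f"{label:10} {risk_score(f):6.2f} {f.host:6} {f.title}")
```

A finding that persists across two monthly scans is the one worth escalating: it means the previous report was not actioned, which is exactly the gap a one-off scan cannot reveal.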

A proactive approach to Cybersecurity

Identifying and managing cybersecurity vulnerabilities requires a strategic blend of proactive measures and regular assessments.  

By partnering with Cube Cyber, monthly scans are managed for you, saving your valuable time. We can provide a fully Managed Vulnerability Service for your organisation, using market-leading solutions from vendors including Tenable. While we suggest monthly scanning, we understand flexibility is key: adjust the frequency to suit your needs. Our monthly reports, featuring executive summaries in an easy-to-understand format, zero in on key risks and provide mitigation strategies tailored to your organisation.

Our expertise takes the lead, ensuring your organisation stays ahead of potential threats, strengthening your security in the background, while you can focus on more strategic projects. 

If you would like more information on how an expert team like Cube Cyber can put Vulnerability Best Practices in place for you, contact us today. 

Outsmart Phishing Attacks – Cube Cyber’s Guide for Small and Medium Enterprises
https://cubecyber.com/outsmart-phishing-attacks-cube-cybers-guide-for-small-and-medium-enterprises/
Tue, 12 Dec 2023 05:33:24 +0000

In 2023, the Australian Signals Directorate responded to over 1,100 cyber security incidents from Australian entities, with 17% of these reports attributed to phishing. Recognising the unique challenges faced by SMEs, Cube Cyber has developed a strategic approach that combines education, advanced security solutions, and the power of Cisco Umbrella to protect organisations from phishing attacks.

1. The SME Cybersecurity Imperative

SMEs may perceive themselves as less vulnerable, but the reality is that phishing attacks can have a severe impact. Phishing attacks are generally the first step by an attacker in compromising a business email account that ultimately results in financial crimes such as invoice fraud. 

Did you know? At the lower end of the scale, the cost of a cyber security breach to a medium enterprise is $97,200. Cube Cyber believes in proactive measures to safeguard businesses of all sizes. Here are essential steps SMEs can take to protect themselves:

Two-Factor Authentication (2FA) 

Implementing 2FA is a crucial step in stopping phishing attacks in their tracks. Cube Cyber advocates for this added layer of protection, and it is a “must have” when accessing internet facing systems. It acts as a formidable barrier against unauthorised access. 

Employee Education 

Educating staff members on cybersecurity is paramount. Cube Cyber understands that an informed workforce is less susceptible to phishing attempts. By imparting knowledge about preventive measures, employees can actively contribute to the organisation’s cybersecurity defences. 

Password Hygiene 

ID Support NSW, a state government agency dedicated to helping victims of identity theft and hacking, underscores the critical importance for businesses to elevate their cybersecurity measures. This involves the mandate for strong passwords. Cube Cyber aligns with this recommendation and places a strong emphasis on the significance of robust password practices. 

Cube Cyber advocates not only for the strength of passwords but also for the regular rotation of these credentials. The practice of using unique passwords for various functions adds an extra layer of security, significantly reducing the risk of unauthorised access resulting from compromised credentials.

Investing in Comprehensive Security Software 

Even without clicking on a malicious email or file, vulnerabilities exist. Take, for example, common email services like Outlook or Gmail. Enabling the option to automatically download pictures might seem harmless, but it can pose a significant risk. Cube Cyber recommends investing in a complete security software system. This includes solutions like Cisco Umbrella, which stands at the forefront of Cube Cyber’s defence strategy, offering protection against phishing emails and malicious attachments. 

Regular Data Backups 

Maintaining regular backups of company data is a fundamental aspect of Cube Cyber’s approach. In the unfortunate event of a phishing attack, having backups ensures that critical information can be recovered, minimising the impact on business operations. 

2. Cube Cyber’s Must-Have Solution for SMEs

Small and medium-sized enterprises often underestimate the need for cybersecurity until it’s too late. Cube Cyber, however, stands out by encouraging and delivering a proactive approach.  

Cube Cyber’s MDR Service (Manage, Detect & Respond) 

We go beyond a one-size-fits-all approach and offer cost-effective, advanced security solutions tailored specifically to the requirements of small and medium businesses. With our MDR service, we ensure comprehensive protection that aligns seamlessly with SME operations, offering strong defences against cyber threats.  

Continuous Monitoring and Expert Analysis

Leveraging a combination of expert skills and automation, we ensure continuous monitoring of your entire IT environment 24/7. Our team supplies regular reports and analyses of security incidents, offering actionable insights to drive continual improvement across your IT operations. 

Local Expertise and Australian Team

Cube Cyber’s team is locally based and understands Australian businesses and challenges deeply. Our cybersecurity analysts and consultants bring decades of experience in security, supplying valuable and accessible resources to our clients. 

Flexible and Budget-Friendly Approach

Cube Cyber adopts a menu-style, a-la-carte approach to services. You only pay for what you need, allowing flexibility around budgets, existing capabilities, and risk appetite. 

First Line of Defence: Cisco Umbrella Integration

Cube Cyber integrates Cisco Umbrella as a proactive and vigilant guardian, positioning it as one of the first lines of defence against phishing attacks. With DNS-layer security and real-time threat intelligence, Cisco Umbrella detects and neutralises potential threats right from the start, ensuring a robust and coordinated response to emerging threats. 

Email Security with Advanced Malware Protection

Cube Cyber enhances email security by integrating Email Security with Advanced Endpoint Protection, providing a formidable defence against spam, phishing emails, and malicious attachments. This proactive measure ensures that your email communications stay secure and free from potential threats. 

Is your business ready to outsmart phishing attacks? Our mission at Cube Cyber is to support your business in preventing, detecting, and responding to any kind of cyber threat. 

Contact us to get started protecting your business. 

Book your free Cyber Security consultation today and let Cube Cyber guide you towards a safer digital future. 

5 Ways Cisco Umbrella Strengthens Our MDR Service
https://cubecyber.com/5-ways-cisco-umbrella-strengthens-our-mdr-service/
Wed, 29 Nov 2023 06:15:19 +0000

We know too well that in today’s digital age, safeguarding your organisation’s digital assets is important. However, you can’t prevent what you can’t see.

Our Managed Detection and Response (MDR) service is crafted to elevate advanced threat detection, investigation, and response capabilities, augmenting internal security measures.  

Cisco Umbrella takes centre stage in fortifying our defence strategy. 

At the heart of our defence strategy is Cisco Umbrella. It’s not just another tool; it’s a comprehensive shield to prevent ransomware, malware, phishing, and other cyber threats. It bridges visibility gaps, takes charge, enforces consistent rules, and alleviates the strain on security resources. 

We sat down with Andrew O’Shea, Principal Consultant at Cube Cyber, to talk about developments in the Cisco Umbrella technology and how it feeds into the overall resilience of the MDR security service.

Here are five pivotal ways Cisco Umbrella empowers our MDR service: 

1. DNS-Layer Security

Using DNS, Cisco Umbrella stops malware in its tracks and prevents infected machines from connecting with attackers, whether they are on your network or working remotely. Adding an extra layer of defence, Cisco Umbrella routes risky domain requests to a selective proxy for URL and file inspection. This protects critical infrastructure without causing delays or performance issues. Additionally, Cisco Umbrella offers app discovery and blocking, providing visibility into the cloud apps used across your organisation, so you can find potential risks and block applications with ease.

2. Security Service Edge (SSE)

As remote work becomes more common, Cisco Umbrella is a gateway to Secure Access Service Edge (SASE), bringing a host of benefits. With Cisco Umbrella, you can: 

  • Bring access closer to users and the cloud edge, enhancing efficiency and reducing downtime. 
  • Enjoy the ease of security in a single cloud solution and framework, streamlining your cybersecurity infrastructure. 
  • Leverage a trusted as-a-service model for enhanced efficiency in managing security protocols. 
  • Streamline policy enforcement and deployment, making it straightforward to manage and adapt to changing security needs. 
  • Ensure 24/7 fast, secure internet, and cloud app access, supplying a seamless and protected digital experience for users. 

3. Anytime, Anywhere Protection

Tackling the complexities of varied user locations and device usage, Cisco Umbrella provides visibility, regulates app usage, prevents data loss, and ensures swift and secure internet access. With risks such as phishing and malware, it safeguards remote workers, fortifies branch offices, and manages cloud app usage seamlessly, without the need for extra hardware. 

4. Real-Time Threat Detection/Prevention

Cube Cyber amplifies its Managed Detection and Response capabilities through the integration of Cisco Umbrella, creating a formidable defence against evolving threats. 

Swift Identification and Blocking: Thanks to Cisco Umbrella, Cube Cyber can swiftly spot and block threats in real-time. For example, picture a scenario where a user accidentally visits a malicious website. Cisco Umbrella, armed with its DNS-layer security, catches the threat right at the first interaction, stopping the user from stepping into a potentially harmful situation. 

Halting Phishing Attempts: In another situation, if a user inadvertently clicks on a phishing link, Cisco Umbrella’s real-time threat intelligence kicks in. It identifies the malicious activity and takes quick action, shielding users from falling for phishing attempts. 

Preventing Malware Infiltration: When an employee downloads a file carrying malware, Cisco Umbrella’s selective proxy and real-time file inspection jump into action. They scrutinise the file, uncover malicious content, and prevent the malware from sneaking into the network. 

With Umbrella in play, organisations experience a 45% drop in threats and an impressive 83% faster resolution of threats. 

5. First Point of Action in Incident Response

Cube Cyber strategically positions Cisco Umbrella as one of the first lines of defence when a business faces compromise. The reason behind this strategic decision is rooted in Cisco Umbrella’s widely recognised reputation as a top-notch product in its class. 

Proactive Threat Mitigation: If a site is compromised, Cisco Umbrella acts as a vigilant guardian. Using its DNS-layer security and real-time threat intelligence, it detects and neutralises potential threats right from the start. 

Rapid Response to Emerging Threats: Cube Cyber counts on Cisco Umbrella to stay ahead of new threats, ensuring our initial response is armed with the latest threat intelligence and robust security measures. 

Reputation for Effectiveness: Opting for Cisco Umbrella as a first line of defence isn’t just a strategy; it’s a commitment to the best in the industry. The proof is in the numbers – over 26,000 companies trust Umbrella for robust threat protection. 

Cube Cyber’s MDR Service

Synergies with MDR Offerings: Cisco Umbrella integrates seamlessly with Cube Cyber’s MDR service, enhancing threat detection and response. For instance, Umbrella’s DNS-layer security complements Cube Cyber’s monitoring, creating a strong defence. 

Unified Threat Intelligence: Integrating Cisco Umbrella establishes a unified threat intelligence framework at Cube Cyber. This blends Umbrella’s insights with Cube Cyber’s existing threat intelligence, creating a more robust detection and response system. 

Synchronised Incident Response: In a security incident, Cube Cyber’s MDR service taps into Cisco Umbrella’s synchronised response. Threat indicators go straight to Cube Cyber’s team for a quick and coordinated response. 

Cube Cyber’s MDR service is your go-to for top-notch cybersecurity. We keep things flexible with per-user monthly billing, tailor-made reports, and round-the-clock monitoring. What sets us apart? Our commitment to making cybersecurity comprehensive, easy to access, and all about you. We’re not just a service; we’re your dedicated partner in keeping your digital world secure and stress-free. 

Our mission is to support your business in preventing, detecting, and responding to any kind of cyber threat.

Contact us to get started protecting your business. 

Traditional Antivirus Software vs Next Generation Endpoint Protection
https://cubecyber.com/traditional-antivirus-software-vs-next-generation-endpoint-protection/
Fri, 21 Jun 2019 06:58:54 +0000

How would you rate your device security?

As cybercriminals gain access to sophisticated technology, it is critical that organisations utilise state-of-the-art cyber defences to safeguard against a cyber-attack.

Nowadays, almost all businesses collect and store some form of sensitive data. Unfortunately, SMEs continue to underestimate the risk of a cyber-attack because of the size of their operation. The implications for a business can be severe, including financial loss, reputational damage, and loss of staff productivity.

Did you know that 43% of cyber-attacks target small businesses, while only 14% of these businesses would rate their cyber security as highly effective? Cybercriminals consistently exploit this false sense of security, often targeting smaller businesses who have let their guard down.

‘But I have antivirus software installed on my computer, so these cybercriminals won’t be able to get my data.’ Unfortunately, traditional antivirus software only provides a fraction of the security required for effective protection in today’s environment.

To help you understand why traditional antivirus software is no longer a sufficient security mechanism, let’s discuss how it operates.

A signature is a static string or pattern of text that uniquely identifies a virus. These signatures allow antivirus software to detect a virus and raise an alert when it is present. Because they are static identifiers, the virus must already be known and understood; if its behaviour changes or a new virus is released, new signatures are required. Signature updates range from once a day to once a week.

These antivirus products are often referred to as point-in-time detection technologies.
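A minimal signature scanner, added here as an illustration and not part of the original post or of any vendor’s product, makes the point-in-time nature described above concrete: a hash signature is brittle, a byte-pattern signature tolerates small changes, and neither catches a new variant until a later signature set is published. Every sample, signature name and date below is constructed.

```python
"""Added example, not from the original post: a minimal signature scanner
showing why static signatures only catch threats that are already known
and why the signature publish date matters. All samples, signature names
and dates are constructed stand-ins, not real malware or vendor data."""
import hashlib
from datetime import date

# Constructed "files". The variant differs from the known sample only by its tag.
SAMPLE_KNOWN = b"MZ\x90\x00 ... DEMO-PAYLOAD-TAG-A ... end"
SAMPLE_VARIANT = b"MZ\x90\x00 ... DEMO-PAYLOAD-TAG-B ... end"
SAMPLE_BENIGN = b"MZ\x90\x00 ... hello world ... end"
SAMPLE_PADDED = SAMPLE_KNOWN + b"\x00"   # same content, one trailing byte appended


def make_signature_set(published, hashes, patterns):
    """A signature set is a publish date plus exact-hash and byte-pattern entries."""
    return {"published": published, "sha256": dict(hashes), "patterns": dict(patterns)}


# Signature set as it shipped on 1 June (constructed): one hash, one byte pattern.
SIGS_V1 = make_signature_set(
    date(2019, 6, 1),
    {hashlib.sha256(SAMPLE_KNOWN).hexdigest(): "Demo.Dropper.A"},
    {b"DEMO-PAYLOAD-TAG-A": "Demo.Dropper.A"},
)


def scan(data, sigs):
    """Return the matching signature name, or None. Exact hash first, then patterns."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in sigs["sha256"]:
        return sigs["sha256"][digest]
    for pattern, name in sigs["patterns"].items():
        if pattern in data:
            return name
    return None


def with_update(sigs, published, new_patterns):
    """The next signature set: all previous entries plus newly written patterns."""
    merged = dict(sigs["patterns"])
    merged.update(new_patterns)
    return make_signature_set(published, sigs["sha256"], merged)


def days_exposed(first_seen, sigs):
    """Days between a variant first appearing and the signature set that covers it."""
    return max(0, (sigs["published"] - first_seen).days)


def demo():
    """Walk through the point-in-time detection gap; returns results for checking."""
    first_seen = date(2019, 6, 3)   # constructed: variant appears two days after V1 ships
    sigs_v2 = with_update(SIGS_V1, date(2019, 6, 10),
                          {b"DEMO-PAYLOAD-TAG-B": "Demo.Dropper.B"})
    return {
        "known_v1": scan(SAMPLE_KNOWN, SIGS_V1),      # hash match
        "padded_v1": scan(SAMPLE_PADDED, SIGS_V1),    # hash misses, pattern still matches
        "variant_v1": scan(SAMPLE_VARIANT, SIGS_V1),  # nothing matches: unknown variant
        "variant_v2": scan(SAMPLE_VARIANT, sigs_v2),  # caught only after the update
        "benign_v2": scan(SAMPLE_BENIGN, sigs_v2),
        "days_exposed": days_exposed(first_seen, sigs_v2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} {result}")
```

The `days_exposed` figure is the window the article is warning about: between the variant appearing and the next signature release, a purely signature-based product has nothing to match against, which is why behavioural and cloud-backed analysis is layered on top.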

Traditional Antivirus vs Next Generation Endpoint Protection

Traditional antivirus software was originally designed to prevent and detect malware infections on individual devices. While it used to be considered a must-have in the battle against cybercriminals, legacy antivirus provides little protective value in today’s advanced cyber landscape for the following reasons:

  • Antivirus software can only detect known threats. With thousands of new malicious threats being developed every day, traditional antivirus software simply can’t keep up. Moreover, antivirus is limited to point-of-entry inspections, meaning it doesn’t analyse behaviour once it has infiltrated the device.
  • Most antivirus software conducts static analysis on the device, rather than leveraging real-time cloud-based threat intelligence.
  • Legacy antivirus also lacks the real-time visibility of newer cyber protection models that utilise machine learning and fuzzy fingerprinting to analyse and catch the malware at the point of entry, in real-time.

Taking these things into consideration, it’s clear that traditional antivirus is no longer effective. So, what can you do to protect your business?

Next Generation Endpoint Protection

As the name suggests, Next Generation Endpoint Protection (NGEP) offers the latest technology in anti-malware and hacking protection. As a comprehensive security model, NGEP mitigates the risk of unauthorised access at every step of the way, meaning devices get the best possible protection against infiltration, data loss, and malicious activity.

Within the Next Generation Endpoint Protection space, we recommend Cisco Advanced Malware Protection (AMP) for Endpoint.

AMP for Endpoints was specifically designed to work together with existing security products that may be installed on an endpoint such as traditional antivirus. AMP does not clash with existing antivirus products nor does it try to compete with them.

A current trend we are seeing is the replacement of traditional antivirus software with AMP. AMP for Endpoints goes beyond traditional signature-based detection and prevention technologies by including multiple processes and analysis engines to enhance AMP’s ability to detect malware. AMP provides:

  • Multiple preventative engines utilising cloud-based threat intelligence. The heavy lifting is done in the cloud rather than on your device, and AMP automatically identifies and stops advanced threats before they reach your endpoints.
  • Continuous analysis, remediation and retrospective security. When a file arrives on an endpoint, AMP watches the file continuously and records its activity, regardless of whether the file is deemed good or bad. If a good file starts to exhibit bad behaviour in the future, AMP can alert your team, so you can contain and remediate the threat quickly.
  • Threat intelligence provided by the Cisco Talos group. Talos analyses millions of malware samples and terabytes of data every day and pushes this threat intelligence to AMP for Endpoints as soon as it is available, so users are protected 24/7.
  • Integration with Cisco Threat Grid to provide advanced sandboxing functionality. AMP can perform automated static and dynamic analysis of files against a large number of behavioural indicators to determine whether a file is malicious.

Taking an integrated approach

Next Generation Endpoint Protection offers an integrated approach to cybersecurity that just isn’t possible through traditional antivirus software.

AMP for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. AMP can uncover even the most advanced threats, including fileless malware and ransomware, in hours, not days or months.

Thinking back to the beginning, how would you now rate your device security?

If the answer is anything less than excellent, we’d love to chat! Call 1300 085 366 or email us on info@cubecyber.com to book your complimentary security assessment today.

Queensland Based Manufacturing Company
https://cubecyber.com/uk-based-specialist-building-contractor/
Fri, 24 May 2019 06:38:57 +0000

The company had recently experienced a compromise, which resulted in a number of fraudulent emails being sent from the compromised device to several suppliers requesting that future invoices be paid to a new bank account.

The technical security controls in place at the company were very limited, including a basic Wi-Fi modem firewall with limited anti-virus protection. These controls were not configured or managed effectively leaving gaps in their ability to protect the organisation.

Cube Cyber were engaged to provide investigative assistance with the incident and recommend possible solutions to improve overall security and prevent further occurrences. Our team initially analysed the current threat and assisted the customer in recovering from the attack. Once the source of the compromise was dealt with, Cisco Umbrella and Cisco AMP for Endpoints were deployed to ensure there were no compromised hosts or malicious activity remaining on the network.

In addition to bolstering security against ransomware and other Internet threats, Cisco Umbrella enabled the company to control and filter the types of websites that staff access while using corporate devices, both on and off site. Cisco AMP for Endpoints was deployed to rapidly detect, contain, block and remediate advanced malware and threats in real time should a similar incident occur in the future.

UK Based Specialist Building Contractor
https://cubecyber.com/uk-based-specialist-building-contractor-2/
Fri, 24 May 2019 06:37:18 +0000

The company was experiencing regular disruptions through virus infection, with a number of PCs recently requiring a full rebuild due to a ransomware infection. This was starting to significantly impact overall staff productivity: staff were either not opening or deleting legitimate business emails for fear of malicious software.

Cube Cyber were engaged to provide investigative assistance and recommend possible solutions to improve overall security and prevent further occurrences. To cover the main sources of an attack and reduce the overall risk to the company from external and internal threats, we proposed a solution to bolster security and protect against malicious software, malicious websites and email attacks.

Our Managed Security Service using Cisco AMP, Umbrella and FireEye’s Email Laundry was proposed to protect the business from advanced cybersecurity threats and malware, including ransomware and other malicious software.

The solution is fully cloud managed with no hardware required on premise. Deploying a software agent on devices and a number of simple configuration tasks were all that was required to implement the service and provide complete protection on devices. The company has transitioned from a low level of cybersecurity protection to the advanced level usually found in large enterprises.

Medical Device Network Security, the prognosis is good
https://cubecyber.com/medical-device-network-security-the-prognosis-is-good/
Fri, 21 Sep 2018 04:48:26 +0000

Are networked medical devices secure? We know that a significant number of medical devices have security vulnerabilities, known and unknown. Identifying the known vulnerabilities before a threat infects a device, and then the network, is the role of a solid cyber security strategy. In Australia, the health sector has recorded the highest number of data breaches since the Mandatory Data Breach regulations came into effect earlier this year.

The reporting tends to ignore the fact that the security of a device does not equate to the security of the system. The chants of self-appointed researchers and some fear-slinging security vendors would have us believe we’re all at risk of remotely controlled death, triggered by smart-phone.

In this article, we explore the current landscape of the network security for medical devices and architecture to ensure a secure environment.

So are medical devices secure?
The likelihood of actual harm from medical device insecurity is of course far removed from the worst-case scenarios we read about in often-sensational media reporting or researcher claims. Those of us who actually work with medical systems know this. Nevertheless, vulnerabilities and threats obviously exist and medical devices are high-value targets. A better question perhaps would be “can networked medical devices operate safely and at an acceptable level of risk to patients?”. Addressing this question, of course, is the daily challenge of professionals charged with managing risks on clinical networks.

What makes medical devices so different?
Just as for other waves of cybersecurity hysteria around IoT and Critical Infrastructure sabotage, medical devices are often cited as vulnerable to manipulation into misbehaving or leaking information. It is important to realise as security professionals that biomedical devices have unique needs that don’t always neatly fit into regular security practices. Like other critical infrastructure systems, medical devices and their local ecosystems are commissioned and tested extensively and formally so that they function exactly according to manufacturer specs. Change to these systems becomes complex, risky and expensive.

How then can devices be protected, yet allowed to communicate with all their necessary integration points – local users, remote support, external vendor monitoring systems, head-end servers, cloud-based health record services, other connected health systems?

Enter the modern security-centric network. A modern network security infrastructure can provide increasingly sophisticated protections from known attack vectors and these advances are the main thrust of this post. What’s changed? The loosely connected, hardware-centric, open networks of the past are giving way to Application Programming Interface (API) driven, integrated, software-centric, “zero-trust model” networks of today providing very powerful tools to achieve secure network architectures.

But first, let’s take a look at the external factors driving risk.

The Healthcare Threat Environment

There’s no question medical devices in clinical environments make high-value targets for cyber-criminals, where a breach of security could be both profitable to the attacker, potentially catastrophic to the victim, and very costly to a healthcare delivery organisation’s reputation.
Since the mandatory data breach notification scheme came into effect in Australia on February 22, health service providers have been top of the class when it comes to the number of data breaches reported, importantly though, a large percentage of the reported breaches were the result of either human error or a lack of basic cyber hygiene.

Threats commonly referenced for medical device security include malware infections, targeted attacks and Advanced Persistent Threats (APTs), Denial of Service (DoS) attacks, theft, unintentional misuse and directly connected devices (e.g. USB devices).

Further complicating the security landscape, the increasing integration with cloud-based electronic medical record systems represents a new risk.

Secure Network Architectures
Network Access Control (NAC) has been readily available for many years providing reliable and highly secure protection where it is needed most – at the point of access, the network edge. Pushing strong identity and access control mechanisms to the network edge using protocols like RADIUS and 802.1x, goes a long way to preventing unauthorised access. Use of a comprehensive NAC solution like the Cisco Identity Services Engine (ISE) now allows for extremely flexible deployment models, easily supporting both newer and older legacy devices – a major plus when dealing with a diverse mix of medical device capabilities.

Not only does NAC protect the wired and wireless network edge, it supports the dynamic placement of devices into segregated and isolated sub-networks (zones). Furthermore, the telemetry generated by connection attempts provides excellent visibility of the movement and connection state of device assets, as well as the ability to detect unauthorised connection attempts and take action accordingly.

The Medical NAC Ecosystem
A medical-grade network ecosystem centred on NAC now enables highly flexible and integrated security. Because a security ‘event bus’ such as Cisco’s pxGrid can be tightly coupled to the NAC system, to the segregation firewalls and, beyond that, to security operations platforms like SIEM and automation tools, comprehensive and integrated security is readily achievable.

These abilities go well beyond the traditional network segmentation and access control mandated by most standards. Let’s consider some of them:

• Effective micro (device-level) segregation and isolation policy.

• Quarantining unauthorised devices before they can send a malicious packet.

• Real-time behavioural analytics on traffic flows.

• Linking security systems together and sharing context and behaviour between them.

• Responding automatically to abnormal conditions and coordinating countermeasures using API calls.

Features within the Cisco Medical NAC ecosystem are underpinned by ISE/pxGrid, Stealthwatch and optional elements of Cisco’s TrustSec architecture. Of particular note are features like these:

• Medical device profiling – More than 250 profiles for medical devices out of the box, with the ability to customise your own. Automatically detecting the device type greatly increases the flexibility of policy authorisation control and provides excellent visibility into the activity of the device fleet.

• Downloadable Access Lists (dACL) – Layer-3 packet filtering at the edge, including the option of Active Directory integration for per-device/class ACLs using custom attributes.

• Identity PSK – The recently introduced capability to use multiple pre-shared keys on the same WLAN SSID, with the dual benefit of keeping the number of SSIDs low and supporting migrations, key updates and per-device/group PSKs.

• pxGrid – Cisco’s context and event publisher/subscriber backbone for Rapid Threat Containment and multi-platform integration.

• Stealthwatch – The network flow security analytics engine, detecting abnormal network behaviour and attacks.

• SIEM integration – Push logs and events into your log repository or SIEM for maximum analytical and troubleshooting value.

• API-driven automation and response capability – All of the products mentioned have API interfaces that your DevOps or SecOps team can use to gain full visibility and control of the environment.


Using network segmentation to protect devices and medical records from threats requires medical-grade NAC. By monitoring behaviours to detect and contain threats, healthcare security can be improved drastically, mitigating risks to the organisation. Putting it all together requires some planning and experience, but the tools available today are vastly improved and proven in the field. As the saying goes, the whole is much bigger than the sum of the parts when the parts fit together effectively. This, of course, is just one component of the overall security approach, but as the point of control closest to the medical device, it is a critical one to get right.

Cube Cyber, a Cisco Certified provider based in Brisbane, has been delivering solutions for the healthcare industry since 2015. Contact us today on 1300 085 366 to discuss your next project.

References:

Office of the Australian Information Commissioner
https://www.oaic.gov.au/

US Health Care Breach Register
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

University of San Diego, “Cyber Security Threats in 2018”
https://onlinedegrees.sandiego.edu/top-cyber-security-threats/

NIST / NCCoE, Infusion Pump Security, August 2018
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/hit-wipnist-sp1800-8b.pdf

Large Mining Organisation
https://cubecyber.com/large-mining-organisation/ (Tue, 17 Jul 2018)

This company employs several thousand local contractors at mine camps throughout Southeast Asia and provides WiFi Internet access as part of camp facilities. The client required a solution that would restrict access to an otherwise open WiFi network and identify and track Internet usage back to an employee identity based on their SAP employee record. The desired outcome was to integrate the Cisco ISE Guest WiFi functionality with the SAP HR database so that both employees and contractors could log in to the WiFi system using their employee ID.

The team at Cube developed a customised API integration engine that connected the Cisco ISE Guest Portal with the organisation’s SAP HR database. The bespoke solution polls the SAP database in near real time; changes to employee records are extracted, parsed and sent to ISE via the ISE API. ISE guest access accounts are then generated automatically; each is specific to one user and remains valid for a period based on the planned duration of the employee’s stay at the camp. This functionality gave both employees and contractors secure login to the WiFi system using their employee ID. Full operational support, training and documentation were provided post-deployment.

  • Advanced API Program
  • Real-time insights
  • Bespoke system design
  • Network Design
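The poll-diff-provision flow described in this case study, as an added Python example that is not Cube Cyber’s integration engine: it diffs two HR extracts, maps each changed record to an ISE ERS GuestUser payload whose validity is bounded to the planned camp stay, and posts it. The ERS endpoint, JSON field names and date format are assumptions taken from Cisco’s ERS documentation and should be checked against your ISE version; the HR records, portal ID and sponsor name are constructed placeholders.

```python
import json
import secrets
import string
import urllib.request
from base64 import b64encode
from datetime import datetime, timedelta

# Date format used by ISE ERS guestAccessInfo (assumption taken from Cisco's ERS documentation).
ISE_DATE_FMT = "%m/%d/%Y %H:%M"

# Constructed sample: two successive polls of the SAP HR extract; only E1002 is new.
SAMPLE_PREVIOUS = {"E1001": {"employee_id": "E1001", "first_name": "Ana", "last_name": "Lee",
                             "camp": "Camp North", "camp_from": "2018-07-01", "camp_to": "2018-07-14"}}
SAMPLE_CURRENT = [SAMPLE_PREVIOUS["E1001"],
                  {"employee_id": "E1002", "first_name": "Bob", "last_name": "Roy",
                   "camp": "Camp North", "camp_from": "2018-07-10", "camp_to": "2018-07-20"}]

def changed_records(previous, current):
    """Return records that are new or differ from the last poll (previous is keyed by employee_id)."""
    return [rec for rec in current if previous.get(rec["employee_id"]) != rec]

def build_guest_user(rec, portal_id, sponsor, today=None):
    """Map one HR record to an ERS GuestUser payload whose validity is bounded to the planned stay."""
    now = datetime.strptime(today, "%Y-%m-%d") if today else datetime.now()
    start = datetime.strptime(rec["camp_from"], "%Y-%m-%d")
    end = datetime.strptime(rec["camp_to"], "%Y-%m-%d") + timedelta(days=1)  # expires after the last day
    if end <= start or end <= now:
        raise ValueError(f"stay for {rec['employee_id']} is empty or already over; no account issued")
    password = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(12))
    return {"GuestUser": {
        "guestType": "Contractor (default)", "sponsorUserName": sponsor, "portalId": portal_id,
        "guestInfo": {"userName": rec["employee_id"], "password": password, "enabled": True,
                      "firstName": rec["first_name"], "lastName": rec["last_name"]},
        "guestAccessInfo": {"fromDate": start.strftime(ISE_DATE_FMT), "toDate": end.strftime(ISE_DATE_FMT),
                            "validDays": (end - start).days, "location": rec["camp"]}}}

def push_guest_user(payload, base_url, ers_user, ers_password):
    """POST to the ERS guestuser endpoint (base_url like https://ise.example:9060); returns HTTP status."""
    token = b64encode(f"{ers_user}:{ers_password}".encode()).decode()
    req = urllib.request.Request(f"{base_url}/ers/config/guestuser", method="POST",
                                 data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json", "Accept": "application/json",
                                          "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:  # ISE returns 201 Created on success
        return resp.status

if __name__ == "__main__":
    for rec in changed_records(SAMPLE_PREVIOUS, SAMPLE_CURRENT):  # "today" frozen to fit the 2018 sample
        print(json.dumps(build_guest_user(rec, "portal-id-placeholder", "sponsor-placeholder",
                                          today="2018-07-09"), indent=1))
```

The account is only ever as long-lived as the planned stay, so a departed contractor's credentials expire on ISE without anyone having to remember to revoke them.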

Large Global Engineering Company
https://cubecyber.com/large-global-engineering-company/ (Tue, 17 Jul 2018)

Improving the security posture of a global engineering firm by implementing security controls for an existing wireless and wired network infrastructure was the primary project objective for Cube Cyber. By implementing a secure network edge across the campus network, the risk of unauthorised devices connecting to unsecured ports could be substantially reduced. Cube Cyber designed and implemented a solution that enabled the client to leverage some of the more advanced Cisco Identity Services Engine (ISE) features, such as device profiling. Beyond the overall reduction in risk, there were further tangible benefits to the organisation: a reduced workload on the operational support teams thanks to automatic device profiling, and simplified network onboarding that lets guests and contractors connect devices to the network quickly and in a highly secure manner while protecting the corporate network containing sensitive information.

  • Network Architecture and Design
  • Network Access Control
  • Endpoint Management

National Financial Organisation
https://cubecyber.com/national-financial-organisation/ (Tue, 17 Jul 2018)

Reducing the risk of cyber-attack proliferation for the largest member-owned credit union in Australia required Cube Cyber to design and deploy a network security architecture across their Data Centre and Campus networks. The overarching deliverable of the network segmentation and segregation project was an architecture that would divide the existing flat network into a number of security zones, with next-generation firewalls applying security policy and controlling traffic flow to and from each zone. Given the mission-critical 24x7x365 nature of the financial services environment, Cube Cyber was required to design a solution that could be implemented with minimal system downtime. Key components of the customer’s existing security infrastructure and network were upgraded and retrofitted to support the new design, delivering a significant cost saving over replacing the existing core security and network environment.

  • Solution options analysis and recommendations
  • Network Architecture and Design
  • Solution implementation
  • Traffic flow analysis and subsequent zone lockdown
