Qubit Cyber
Serious cyber-security experience and advisors. info@qubitcyber.com
© Qubit Cyber. 2023.

Qubit Cyber

"Just like a quantum bit (qubit), your cyber-security posture is in a state of superposition: you can be both secure and vulnerable at the same time. It's only when measured that you truly know..."

We're battle-hardened cyber-security professionals who care about the details.


Our ethos:

"More human interaction occurs in the digital realm than in the physical realm."

We have moved beyond cyber-security being "the protection of computers and networks". It's now about the serious responsibility to protect our DIGITAL SAFETY.

Consulting Services

Consulting CISO
  • CISO as a Service
  • Board and Exec Advisory
  • Cyber Security Maturity
  • Compliance Mapping

Risk Exposure
  • Breach Impact Assessments
  • Cyber Risk Assessment
  • Vulnerability Exposure Assessment
  • Incident Response Planning

Consulting CISO


CISO-aaS    |    Board Advisory    |    Security Maturity    |    Compliance Mapping

CISO-as-a-Service

Many organisations struggle to hire, train and retain an experienced CISO, or are not of the size to need one full time.
We therefore provide a CISO-as-a-Service model, where you call upon the CISO services you need, as required.
Our team has many (way too many!) years of experience in:
  • Governance, Risk and Compliance
  • IR (Incident Response)
  • DR (Disaster Recovery)
  • BCP (Business Continuity Planning)
  • Enterprise Security Architecture
  • Penetration Testing and Vulnerability Assessment
  • Secure SDLC



Board and Exec Advisory

Many organisations have "cyber" as one of their top risks; however, Boards and Exec teams are often very under-informed on how to consider, interpret and therefore manage cyber-risks.
If your board or exec team treats "cyber" as simply a technical issue then you need to engage us now!
  • Put cyber-risks in true business terms
  • Bridge the tech-to-exec gap



Cyber Security Maturity

This is a detailed assessment, performed over time, with interactions with all key business units.
We have reusable metrics and tools to help us assess where you are in your cyber-security maturity journey.
We then work with you to assess where you should be on the maturity scale, based on your strategic business plan over the next 5 years, including product and service development, global target markets and target industries.
We then help with a cyber-security strategy to help move you from where you are today, to your future goal.
Cyber-Security Maturity uses a five-level scale modelled on the classic CMMI maturity levels that IT has used for many years:
  • Level 1 - "CHAMPIONS": These are the champions inside your org, trying to do their best to secure you.
  • Level 2 - "PROJECTS": You now have security projects to improve your security posture.
  • Level 3 - "PROCESSES": You've matured into having repeatable processes. This is where your compliance journey can begin.
  • Level 4 - "AUTOMATION": You now automate, and have tools for, the most common and the most critical processes.
  • Level 5 - "CONTINUOUS IMPROVEMENT": By measuring your repeatable, automated processes you continuously improve efficiency and effectiveness.
It should be noted that you can't skip levels; you have to move through them for the improvement to be effective.
However, you can certainly outsource services, and buy in products and experts who operate at a higher maturity level.

(See Cybersecurity Capability Maturity Model (C2M2) for more details...)


Compliance Mapping

We have reusable metrics and tools to help us assess where you are in your compliance journey.
We work with you to assess the compliance frameworks relevant now and into the future based on your strategic business plan over the next 5 years, including product and service development, global target markets and target industries.
We then help with a cyber-security strategy to help move you from where you are today, to your future goal.
Compliance frameworks include, but are not limited to:
  • Common Security Frameworks and Standards: NIST, SOC2, ISO27001/ISO27002
  • Critical Infrastructure: NERC-CIP, SCADA
  • Medical: HIPAA
  • Credit Cards: PCI
  • Regional: GDPR, NZISM, AUISM
  • Etc...
Our goal is to map your security posture once, such that mapping between your immediate and future compliance standards is as seamless as possible.

In our experience large customers and government agencies around the world have their own set of cyber-security risk questions, as do insurers. As you scale, the number of security questionnaires you're required to complete can escalate... A reusable and efficient process is critical.


Risk Exposure Services


Breach Impact    |    Cyber Risk    |    Vulnerability Exposure    |    Incident Response

Breach Impact Assessment

This is a detailed assessment, performed over time, with interactions with all key business units.
We have reusable metrics and tools to help us assess the costs and impacts of a serious breach in terms of:
  • The actual costs of downtime
  • Customer loss (based on industry stats)
  • Impact to growth plans and customer acquisition (based on industry stats)
  • Fines (based on industry, geography and impacted customers)
  • Professional services (cyber-security, legal, PR, HR)
  • System patches and upgrades to defences (because if you don’t the damages will be much more impactful when it happens again).
Then we assess how much of this is mitigated by your individual cyber-insurance cover.
See our Cyber-Insurance Services.


Cyber Risk Assessment

This is a detailed assessment, performed over time, with interactions with all key business units.
We have reusable metrics and tools to help us assess the costs and impacts of a serious breach in terms of:
  • The actual costs of downtime
  • Customer loss (based on industry stats)
  • Impact to growth plans and customer acquisition (based on industry stats)
  • Fines (based on industry, geography and impacted customers)
  • Professional services (cyber-security, legal, PR, HR)
  • System patches and upgrades to defences (because if you don’t the damages will be much more impactful when it happens again).
Then we assess how much of this is mitigated by your individual cyber-insurance cover.



Vulnerability Exposure Assessment

This is a critical service, to assess where your business and technology stack is vulnerable to attack.
We provide a wide range of services including:
  • Web and API penetration testing.
  • Internet facing perimeter scanning.
  • Custom application pen-testing.
  • Code reviews.
  • Red-teaming (attacking the tech and humans).
  • Stress testing / DDoS testing.
When needed we call on the help of some of our global partners; however, we scope, run, consume, analyse and report on their services for you.


Incident Response Planning

This is a detailed assessment, performed over time, with interactions with all key business units.
We have reusable metrics and tools to help us work with you in planning your cyber-incident response plan (IRP). Any IRP will include:
  • The composition of your Incident Response Team.
  • Exec visibility, reporting, decision making, pre-authorisation of actions and escalation.
  • Legal contacts and considerations.
  • Insurance actions and considerations.
  • PR and pre-planned comms.
  • HR and staff implications.
  • Tech team, both in-house and external expert support.
  • Geographical and time-of-day considerations.
  • 3rd party vendor SLAs, support and response.
Then we assess how much of this is mitigated by your individual cyber-insurance cover.

Of course an IRP is useless unless practised. We therefore work with you to implement regular fire-drill exercises, across the whole org and inside specific business units, to run through incidents.



Cyber-Physical Testing Lab


The line between software and hardware has blurred. Any autonomous vehicle or drone is now as much a complex software system as it is hardware.
In modern autonomous SW/HW systems we find that the customer writes no more than about 10% of the code they ship; the other 90% comes from the componentry they use...

Our team has years of experience of testing for some of the world's leading manufacturers.
Services include (but are not limited to):
  • Software component testing.
  • Break testing and fuzzing.
  • Authentication and authorisation bypass.
  • Custom software installation and system abuse.
  • Logging and audit review, for visibility and traceability.
  • Full system threat modelling.
  • 3rd Party vendor and supplier assessment.
  • SBOM (Software Bill of Materials) assessments.
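The 10%/90% split above is exactly what an SBOM assessment makes measurable. The following is an added example, not Qubit Cyber's own tooling: it reads a CycloneDX-style JSON SBOM, reports how much of the component inventory is first-party versus third-party, and flags components that fail basic supply-chain hygiene rules (no pinned version, no integrity hash, no declared licence, or a copyleft licence the product policy disallows). The SBOM document, every component name, the group "com.example" and the licence policy are constructed for illustration; they are not real products or advisories.

```python
"""SBOM composition and hygiene check.

Added example, not Qubit Cyber's own tooling. It reads a CycloneDX-style
JSON SBOM, reports how much of the inventory is first-party versus
third-party, and flags components that fail basic supply-chain hygiene
rules. The SBOM, its component names, the group "com.example" and the
hygiene/licence policy below are all assumptions constructed for
illustration, not real products or advisories.
"""
import json
from collections import Counter

# Constructed sample SBOM in CycloneDX 1.4 JSON layout. Every component is
# hypothetical; the hashes are placeholders, not real digests.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"group": "com.example",
                               "name": "flight-controller", "version": "3.2.0"}},
    "components": [
        {"type": "library", "group": "com.example", "name": "nav-core",
         "version": "3.2.0",
         "hashes": [{"alg": "SHA-256", "content": "aa" * 32}],
         "licenses": [{"license": {"id": "LicenseRef-Proprietary"}}]},
        {"type": "library", "name": "rtos-kernel", "version": "10.4.1",
         "purl": "pkg:generic/rtos-kernel@10.4.1",
         "hashes": [{"alg": "SHA-256", "content": "bb" * 32}],
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "can-driver", "version": "",
         "purl": "pkg:generic/can-driver",
         "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
        {"type": "library", "name": "json-parser", "version": "1.9.5",
         "purl": "pkg:generic/json-parser@1.9.5"},
        {"type": "firmware", "name": "lidar-blob", "version": "7.0",
         "supplier": {"name": "Sensor Vendor"},
         "hashes": [{"alg": "SHA-256", "content": "cc" * 32}],
         "licenses": [{"license": {"name": "Vendor EULA"}}]},
    ],
})

# Assumed policy: groups the customer owns, and licences that the
# (hypothetical) product policy does not allow in statically linked firmware.
FIRST_PARTY_GROUPS = {"com.example"}
COPYLEFT_LICENCES = {"GPL-2.0-only", "GPL-2.0-or-later",
                     "GPL-3.0-only", "GPL-3.0-or-later"}


def is_first_party(component, first_party_groups=FIRST_PARTY_GROUPS):
    """A component is first-party if its group is one the customer owns."""
    return component.get("group") in first_party_groups


def licence_ids(component):
    """Collect SPDX ids (or free-text names) declared for a component."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        ids.append(lic.get("id") or lic.get("name") or "unknown")
    return ids


def hygiene_findings(component):
    """Return the hygiene rules a single component fails (empty list = clean)."""
    findings = []
    if not component.get("version"):
        findings.append("unpinned-version")      # cannot be matched to advisories
    if not component.get("hashes"):
        findings.append("no-integrity-hash")     # cannot verify what was shipped
    ids = licence_ids(component)
    if not ids:
        findings.append("no-licence")
    elif any(i in COPYLEFT_LICENCES for i in ids):
        findings.append("copyleft-licence")
    return findings


def assess_sbom(sbom_json):
    """Summarise the origin split and per-component findings for an SBOM."""
    sbom = json.loads(sbom_json)
    components = sbom.get("components", [])
    origin = Counter("first-party" if is_first_party(c) else "third-party"
                     for c in components)
    findings = {}
    for c in components:
        issues = hygiene_findings(c)
        if issues:
            findings[c["name"]] = issues
    total = len(components)
    # Component count is only a proxy for code volume; a real assessment
    # would weight by lines of code or binary size where the SBOM records them.
    share = origin["third-party"] / total if total else 0.0
    return {
        "total": total,
        "first_party": origin["first-party"],
        "third_party": origin["third-party"],
        "third_party_share": round(share, 2),
        "findings": findings,
    }


if __name__ == "__main__":
    report = assess_sbom(SAMPLE_SBOM)
    print(f"{report['third_party']}/{report['total']} components are third-party "
          f"({report['third_party_share']:.0%})")
    for name, issues in report["findings"].items():
        print(f"  {name}: {', '.join(issues)}")
```

On the constructed SBOM, four of the five components are third-party, and the two findings worth acting on are the unpinned, unhashed CAN driver (it cannot be matched against any advisory feed, nor can you prove which build shipped) and the JSON parser with no hash and no licence. The rules are deliberately simple so the assessment is reproducible every time the SBOM is regenerated, which is what makes it a maturity-level-4 check rather than a one-off review.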

Autonomous Vehicles    |    Autonomous Mining    |    Agri-Drones    |    Delivery Drones    |    Aviation Drones

Cyber Insurance

We are experts in Cyber Insurance.

Why Insure?

The unfortunate reality is that many organisations have treated their cyber-insurance as the solution to their cyber-security.
This is fundamentally flawed! You cannot "insure yourself secure".

However, you do need cyber insurance; without it you are self-insuring a whole set of critical business risks.
The trouble is, in today's market, how do you know:
  • How much insurance do you need?
  • From whom?
  • Are you secure enough to even be insurable?
  • What does it cover?
  • What does it NOT cover?
  • How is it built into your Incident Response Plan (IRP)?
Exposure    |    Risk    |    Benchmarking    |    Risk Reduction




Real Cyber-Risk Exposure

As with a qubit, your security posture is in a superposition. Your IT team says you've implemented 92% of your security goals and are 100% compliant, and yet you are still 90% vulnerable to attack... How can that be?


(Chart: Security Controls 92%    |    Compliance 100%    |    Vulnerable to a Breach 90%)

Risk Exposure Changes By the Second!


Any organisation's risk exposure changes, almost by the second, based not only on changes inside the organisation, but on the actions of staff and the discovery of new vulnerabilities and exploits in the wild.
There is a constantly shifting scorecard of factors, including:
  • Company attributes, including your base of operations and sector.
  • Your products and services, including features, liabilities, licensing and warranties.
  • Your customers and their usage of your products and services, and therefore the impact to them of a cyber breach, information disclosure or system failure.
  • The build and tech stack of your products.
  • The level, currency and accuracy of any security testing.
  • Your runtime environments, cloud hosting, geo-locations and 3rd party services.
  • Your monitoring, incident response, issue remediation and BCP.
  • What compliance and standards you may have.
  • All of the human factors of your staff, 3rd party vendors, software developers and, of course, the bad guys.

Insurance Needs Assessment.


To benchmark your insurance coverage needs we have a unique process, and pre-built tools, to analyse:
  • The actual costs of downtime to you in the event of a major breach
  • Customer loss (based on industry stats)
  • Impact to growth plans and customer acquisition (based on industry stats)
  • Fines (based on industry, geography and impacted customers)
  • Professional services (cyber-security, legal, PR, HR)
  • System patches and upgrades to defences (because if you don’t, the damage will be much more impactful when it happens again).
To achieve this we work with you to assess your breach impact now and into the future, based on your strategic business plan over the next 5 years, including product and service development, global target markets and target industries.

Risk Reduction, Over Time


Reducing risk and exposure over time is not a project, nor a product; it requires a long-term, holistic and never-ending approach.
We believe this is best achieved by a range of complementary activities:
  • Board and Exec Team Advisory
  • Cyber Security Maturity
  • Compliance Mapping
  • Breach Impact Assessments
  • Cyber Risk Assessments
  • Incident Response Planning
To achieve this we work with you to assess your breach impact now and into the future, based on your strategic business plan over the next 5 years, including product and service development, global target markets and target industries.

Research Articles and Whitepapers

April 2023

Digital Safety

"More human interaction happens in the digital realm than the physical. Software drives our physical world. Are we taking digital safety seriously enough?"


Contact

Let's grab a coffee or jump on a video call anytime.

info@qubitcyber.com

We want to talk...

We don't do sales, we just like to have a chat, preferably with coffee / beer / wine (or stronger).
We're keen to know:
  • Any immediate cyber-security issues and concerns you have today.
  • How you're planning your cyber-security strategy / IT strategy / business strategy over the next few years.
  • About your strategic product and service development, and any compliance and regulation you'll need to adhere to.
  • Whether you have seriously considered the full immediate and downstream impact of a breach.
  • About your business risks, business continuity (BCP), incident response (IRP) and disaster recovery (DR) plans.
  • About your cyber-security insurance posture, and whether you're sufficiently covered.
We can guarantee that during an hour's chat we will be able to offer useful guidance and ideas, whether you engage us to help or not.
If after that we seem to be getting along, and you have problems we can fix, then we talk business...

If beer or wine is involved then we'll probably start chatting about DIGITAL SAFETY.
(Teaser:
Our Opinion: "We've failed to secure the internet, email, computers and phones, but for some reason it's OK that we're using exactly the same software development techniques to automate our planes, trains, automobiles, agriculture, industry and medical care."
This is insane!
We can't go a single week without having to patch our devices for security flaws.
This is not how we ensure DIGITAL SAFETY.
So at Qubit Cyber we've drawn a line in the sand.
If SOFTWARE is materially affecting the PHYSICAL WORLD, and therefore our SAFETY, then we need a new way of thinking.
Developing vulnerable code that needs continuous patching is a broken model...
Funnily enough, we have some ideas on how to fix this...)
If this sounds like you, and your organisation is developing code and systems that touch the physical world (drones, transport, medical devices, automation), then we really should talk...