Home / Services / Cybersecurity
Cybersecurity

Cybersecurity centred on protection, evidence and recovery

Modern security is judged by what you can prevent, what you can evidence and what you can recover. We improve the operating position across identity, endpoints, email, cloud platforms, networks, backups, recovery and monitoring, with managed security operations, Essential Eight-aligned uplift and evidence that satisfies insurers, boards and clients.

Protection you operate daily. Evidence you can hand over.

Operate across
Microsoft 365 · Entra ID · Conditional Access · Endpoint and EDR · 24/7 SOC · 24/7 MDR · Essential Eight · Business email compromise · Penetration testing remediation · Immutable backup
Cybersecurity services

Practical cybersecurity support across operations, recovery, evidence and review

Most cybersecurity conversations start with a practical concern: alerts are not being reviewed, backups have not been proven, Essential Eight maturity needs evidence, or exposure needs a clearer operating view.

Inlight IT helps identify the right starting point, then supports the work through practical engineering, operational discipline and evidence that can be used.

Managed Cyber Security

Managed Cyber Security provides the operating layer around security controls. It connects monitoring, alert triage, Microsoft 365 posture, identity, endpoint visibility, response coordination and reporting into a managed security discipline.

For organisations that need deeper coverage, Inlight IT can provide MDR and SOC-backed operating depth, broader telemetry and faster investigation of higher-severity security events.

Best when tools exist but ownership is unclearExplore Managed Cyber Security →
Backup and Disaster Recovery

Backup and Disaster Recovery covers the resilience side of cybersecurity. It looks beyond whether backup jobs are completing and considers whether critical systems, Microsoft 365 data, identity and operating access can be recovered under real conditions.

The work can include backup architecture, Microsoft 365 backup, immutability, restore testing, identity recovery, Cyber Recovery Time and recovery evidence.

Best when backups run but recovery is unprovenExplore Backup and Disaster Recovery →
Essential Eight Assessment

Essential Eight Assessment gives organisations a clearer maturity position against the ASD Essential Eight. It is useful where insurance, procurement, audit, governance or internal uplift planning requires evidence rather than self-assessment.

The work focuses on whether controls are implemented, whether they are operating consistently, where evidence exists, where gaps remain and what should be remediated first.

Best when you need evidence, not self-assessmentExplore Essential Eight Assessment →
Cybersecurity Review

Cybersecurity Review is suited to organisations that know something needs attention, but the right scope is not yet clear.

The concern may involve Microsoft 365 security, identity, business email compromise, payment verification, endpoint posture, privileged access, recovery, penetration testing scope or a mix of technical and procedural risk. The review helps identify where the exposure sits and what should be addressed first.

Best when the concern crosses several areasExplore Cybersecurity Review →
How the areas connect

Cybersecurity needs to be operated, evidenced and recoverable

Cybersecurity usually starts with controls: MFA, endpoint protection, email filtering, patching, access policies, security tools and alerting. These controls reduce exposure and make compromise harder. But the operating position matters as much as the tools, and controls, evidence and recovery are connected in practice.

CONNECTED IN PRACTICE: IDENTITY · MICROSOFT 365 · BACKUPPREVENT and OPERATEIdentity · Microsoft 365Endpoints · email securityMonitoring · alert triageEVIDENCE and MATURITYEssential Eight maturityControl and audit evidenceInsurance and governanceRECOVERY and RESILIENCEMicrosoft 365 backupImmutable architectureRestore testing · RTOONE OPERATING ENVIRONMENT: OPERATED, EVIDENCED, RECOVERABLE
The Inlight operating model: controls, evidence and recovery on one environmentIdentity and Microsoft 365 cut across all three

Cyber Recovery Time means the practical time it would take to restore identity, systems, data and operating access after a cyber incident or major disruption.

These areas are connected. Identity affects recovery. Microsoft 365 affects exposure and backup. Business email compromise crosses technology and finance workflow. Penetration testing is most useful when the scope is clear.

Capability at a glance

Cybersecurity with depth, evidence and recovery confidence

24/7
SOC options
SOC-backed monitoring options for organisations that need security events reviewed, triaged and escalated outside business hours.
24/7
MDR options
Managed detection and response options across endpoints, identities and security alerts, with escalation where investigation or remediation is required.
2,000+
Endpoints supported
Cyber and endpoint visibility across managed devices, users and environments.
150+
Sites supported
Distributed, regional and multi-site organisations.
Microsoft 365 and Entra ID security

Security review and hardening across identity, Conditional Access, admin roles, mailbox exposure and tenant visibility.

Privileged access MFA protected

MFA reviewed and enforced across administrator, privileged, remote access and sensitive access paths.

Essential Eight-aligned uplift

Practical uplift across MFA, patching, application control, admin privileges, endpoint hardening and evidence.

Backup and recovery evidence

Backup success, restore testing, immutable architecture, Microsoft 365 backup, identity recovery, RTO and RPO reviewed against risk.

Common starting points

Where organisations usually need cybersecurity support

The concern is usually practical, but the cause often crosses systems.

01Security tools are in place, but ownership is unclearManaged Cyber Security

The organisation may have Microsoft 365 security controls, endpoint tools or alerts, but no clear operating rhythm around review, triage, escalation, reporting and improvement.

Best fit: Managed Cyber Security →
02Essential Eight evidence is neededEssential Eight Assessment

An insurer, customer, board, audit process or internal governance conversation may require a maturity position that can be supported with evidence.

Best fit: Essential Eight Assessment →
03Backup exists, but recovery confidence is unclearBackup and Disaster Recovery

Backups may be configured, but Microsoft 365 backup, restore testing, identity recovery, immutability, dependency order or Cyber Recovery Time may not be fully understood or evidenced.

Best fit: Backup and Disaster Recovery →
04The concern crosses several areas, or the scope is unclearCybersecurity Review

The issue may span Microsoft 365 security, identity, endpoint posture, mailbox exposure or penetration testing scope, and the right starting point is not yet obvious.

Best fit: Cybersecurity Review →
05Privileged access or admin accounts need reviewEssential Eight Assessment

Global admins, domain admins, service accounts, shared logins, legacy permissions and standing access can become the most serious exposure in an environment, and often need tightening, separation and stronger MFA before anything else.

Best fit: Essential Eight Assessment →
06Business email compromise or payment workflow risk is a concernCybersecurity Review

Mailbox rules, payment redirection, supplier impersonation and weak verification steps create financial and reputational risk that sits across email security, identity and finance process, not technology alone.

Best fit: Cybersecurity Review →
Cyber exposure points

Where cyber risk usually shows up

Cyber exposure rarely sits in one isolated category. It usually appears where users access systems, where Microsoft 365 is configured, where email and payment workflows operate, where endpoints are monitored, and where backup and recovery assumptions have not been tested.

Exposure registerSYD --:--
Exposure 01Security tools are in place, but ownership is unclearMicrosoft 365 controls, endpoint tools or alerts may exist, but no one is consistently reviewing, triaging, escalating, reporting and improving the security position.
Exposure 02Essential Eight evidence is neededAn insurer, customer, board, audit process or internal governance discussion may require a maturity position that can be supported with evidence.
Exposure 03Backup exists, but recovery confidence is unclearBackups may be configured, but Microsoft 365 backup, restore testing, identity recovery, immutability, dependency order, RTO or RPO may not be proven.
Exposure 04Business email compromise is a concernMailbox rules, external forwarding, payment redirection, supplier impersonation, executive exposure and weak verification steps create risk across email, identity and finance workflows.
Exposure 05Privileged access needs tighteningGlobal admins, domain admins, shared admin accounts, service accounts and standing access can create serious exposure if they are not reviewed, separated and protected.
Exposure 06The concern crosses several areasThe issue may span Microsoft 365 security, identity, endpoint posture, mailbox exposure, recovery, payment workflows or penetration testing scope, and the right starting point is not yet clear.

Protection you operate daily. Evidence you can hand over.

How we work

We connect exposure, controls, evidence and recovery

Cyber risk is shaped less by which tools are deployed than by how the environment is configured, accessed and operated. A Microsoft 365 setting, an admin account, an endpoint alert, a backup platform or a payment approval process may look separate on paper, but in practice they affect the same risk position.

We look across the connected environment so the work is not reduced to a checklist, a tool deployment or a generic assessment. The goal is to understand where exposure sits, which controls are actually operating, what can be evidenced, and whether the organisation could recover if something went wrong.

01

Map the operating environment

We review the systems and workflows that shape the exposure path: identity, privileged access, endpoints and the platforms behind them.

The point is to understand the real environment, not just the technology inventory.

02

Identify the exposure path

We look at where compromise, disruption or control failure could realistically occur.

That may involve identity exposure, mailbox compromise, weak privileged access, endpoint coverage gaps, payment-verification weakness, backup assumptions, missing evidence or unclear response ownership.

This step helps separate visible symptoms from the actual exposure path.

03

Validate control operation

We assess whether the relevant controls are present, configured properly and operating consistently.

That can include MFA, Conditional Access, admin roles, endpoint protection, alert triage, mailbox rules, external sharing, backup immutability, restore testing, monitoring, escalation and documentation.

A control that exists but is not monitored, evidenced or maintained is not the same as a control the business can rely on.

04

Build evidence and recovery confidence

Where the work involves Essential Eight, cyber maturity, insurance, audit, procurement or governance, the output needs to be defensible.

Where the work involves backup and recovery, the focus is whether identity, data, systems and operating access can be restored under real conditions.

The result should give leadership a clearer view of risk, priorities, evidence and recovery confidence.

05

Operate and improve

Cybersecurity is not complete when an assessment is issued or a tool is deployed.

Controls need review, alerts need triage, gaps need remediation, backup needs testing, privileged access needs oversight, Microsoft 365 changes need governance, and evidence needs to stay current as the environment changes.

We support cybersecurity as an operating discipline, not a once-off exercise.

Why Inlight IT

Practical cyber support from a team that understands the operating environment

We are a strong fit where cybersecurity needs to be practical, defensible and connected to the way the environment actually operates. Our work brings together Microsoft 365, identity, endpoints, email, backup, recovery, evidence and operational security controls.

01

Controls considered in context

Identity, Microsoft 365, endpoints, email, privileged access, backup and recovery are connected in real environments. We assess and operate controls with that dependency in mind.

02

Microsoft 365 and identity depth

Many cyber risks now sit inside Microsoft 365 and Entra ID. Conditional Access, MFA methods, mailbox rules, external sharing, app consent, privileged access and tenant visibility all affect exposure, evidence and recovery.

03

Evidence that can be used

We support Essential Eight assessment, cyber maturity evidence and recovery evidence where insurers, customers, audit processes or internal governance need a position that can be defended.

04

SOC-backed depth where required

Where organisations need deeper security operations, Managed Cyber Security can include SOC-backed operating depth, broader telemetry and faster investigation of higher-severity security events.

05

Business email compromise and workflow risk

Business email compromise usually crosses technical controls and finance workflow. We look at mailbox exposure, identity controls, executive risk, supplier payment changes and verification discipline together.

06

Recovery confidence, not backup assumptions

Backup jobs completing is not the same as recovery confidence. We help organisations review backup architecture, Microsoft 365 backup, immutability, restore testing, Cyber Recovery Time and recovery evidence.

Common questions

Practical questions about cyber risk, evidence and recovery

Where should a business start with cybersecurity?

A practical starting point is to understand the current exposure across identity, Microsoft 365, endpoints, patching, backups, remote access, admin privileges, logging and user behaviour.

The first step does not need to be a large cyber program. It should identify the most important risks, what is already in place and what needs to be fixed first.

What is included in cybersecurity services?

Cybersecurity services can include managed security operations, SOC-backed monitoring and MDR, alert triage, Microsoft 365 and identity hardening, endpoint protection, Essential Eight assessment and uplift, backup and recovery readiness, business email compromise review, privileged access review and incident response readiness.

Every engagement is scoped so the organisation knows what is monitored, what is reviewed, what is evidenced and what requires separate project work.

Is Backup and Disaster Recovery part of cybersecurity?

Yes. Backup and Disaster Recovery are part of cyber resilience, especially for ransomware, accidental deletion, malicious activity, system failure and cloud misconfiguration.

A business should know what is protected, how often it is backed up, who can restore it, how long recovery would take and whether recovery has been tested.

What is the difference between Managed Cyber Security and a Cybersecurity Review?

A Cybersecurity Review is a point-in-time assessment of current risks, controls and gaps. It helps the business understand where it stands and what should be prioritised.

Managed Cyber Security is ongoing operation. It may include monitoring, endpoint security, alert review, vulnerability management, control maintenance, backup visibility and escalation.

When is an Essential Eight Assessment the right starting point?

An Essential Eight Assessment is useful when the business needs a structured view of cyber maturity, especially for cyber insurance, board reporting, client assurance or governance requirements.

It gives a practical framework across application control, patching, Microsoft Office macro settings, user application hardening, admin privileges, MFA and backups.

Do you help with Microsoft 365 security and business email compromise?

Yes. Microsoft 365 security is one of the most important cyber areas for many businesses because email, identity, Teams, SharePoint, OneDrive and admin access are closely connected.

A practical review should consider MFA, conditional access, admin roles, mailbox rules, external forwarding, audit logs, Defender settings, risky sign-ins and external sharing.

Where business email compromise is a concern, the review should also consider mailbox rules, external forwarding, supplier payment changes, executive exposure and verification workflows.

What evidence do cyber insurers usually expect?

Cyber insurers often ask about MFA, endpoint protection, backups, patching, privileged access, remote access, logging, email security and incident response.

The risk is answering insurance questions without clear evidence. Businesses should be able to produce practical records, such as settings, reports, access reviews, backup status and control summaries.

Insurers increasingly want practical evidence that controls are implemented, monitored and recoverable systems are understood, not only yes/no answers on a questionnaire.

How do we know if we could actually recover from a cyber incident?

The business needs to review and test recovery, not just assume backups are working. That includes knowing which systems are critical, what data is protected and how quickly it can be restored.

A recovery readiness assessment helps answer the practical question: if a serious incident happened tomorrow, what would we restore first, how long would it take and what could stop recovery?

Recovery testing should usually include annual disaster recovery validation, quarterly testing for critical systems and more frequent restore checks for mission-critical workloads where required.

Work with Inlight IT

Strengthen your cyber position with clearer evidence and recovery confidence

If identity, Microsoft 365, Essential Eight or recovery evidence is creating uncertainty — start here.

Prefer email? contact@inlightit.com.au