Article

24 Hours in a Security Operations Centre (SOC)

Originally published in the London Business Matters magazine (LCCI). Read the second of our three part cyber essentials column...

Kieran.png I return to my desk coffee-less; the machine now a forbidden treat locked behind a COVID-19 restriction. I kid myself that it’s ok, and it’s probably a good thing for my health. Sat down, back in front of my screen, I’m monitoring alerts when a critical incident flashes up…

AcmeCorp recently acquired a business they urgently needed in their portfolio but chose not to undertake due diligence on the technology in use. They are just beginning to understand the state of the IT infrastructure, but are about to have a rude awakening to the risks that they are now carrying...

AcmeCorp was continuously growing, a new business being acquired every few months. Typically, they’d commission Waterstons’ mergers and acquisitions team to undertake IT due diligence and an integration programme, but AcmeCorp decided they “needed the business yesterday” and rushed it through. There was something about Cyberdyne Systems they couldn’t let go. Their intellectual property was going to revolutionise the entire organisation, maybe even the world.

Malware detected! AcmeCorp’s systems have detected ransomware; a vicious malware variant which encrypts all your data. Thankfully AcmeCorp has excellent detection for malware. Even if that failed, their data is backed up in Waterstons’ datacentre; isolated from their central systems, secure, and ready to be restored in case of a disaster.

I look to find the source of the attack, the compromised system that sent it over to AcmeCorp. It’s not good news - it’s emanated from their new acquisition, Cyberdyne! We cut off our connection to their network. Breaking the news to AcmeCorp’s MD is NOT going to be easy…

Cyberdyne’s data has just… gone? There’s no way of getting it back? This is a disaster; their cybernetics research was going to change the world! This particular piece of ransomware took advantage of an old Windows Server vulnerability that had long been fixed with a patch… A patch that AcmeCorp had installed as part of their Cyber Essentials Plus certification, but a patch that Cyberdyne was missing. This is a significant setback for AcmeCorp, but it could have been a catastrophe if we’d lost AcmeCorp’s data too.

client.png Thank goodness we had patched our servers to meet the Cyber Essentials Plus criteria. It meant we were protected from this particular attack and many others like it. It just shows how we need to be on top of all our security. I will be speaking to our suppliers next, I need to make sure that they are looking after our data like we do…

To learn more about how Waterstons help protect customers from attacks like these, visit: www.waterstons.com/security

Click here to see the main article

Read part 1 of this series here

Jisc | Data Matters

26 January 2021

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies. However, you can change your cookie settings at any time. For further information about how we use cookies and how to change your settings, please read our Cookie Notice

I'm fine with this