
24 Hours in a Security Operations Centre (SOC)

Originally published in the London Business Matters magazine (LCCI). Read the third of our three-part cyber essentials column.

“G’day mate, I see you’ve had a busy one.”

A message appears; our Australian SOC is open and preparing to take over from us in our ‘follow the sun’ routine. Whilst running proactive scans, my mind starts to drift to my dinner plans: mmm, yes… I think a quarter duck would hit the spot. Suddenly I’m snapped out of it by a call from AcmeCorp…

“We’ve been hacked! I’ve had an email from the hacker; they say that they have everything and want £350,000 or they’ll release our data! They’ve shown me details with our internal department lists that aren’t known elsewhere.”

I jump straight into reviewing their logs using our cutting-edge Security Information and Event Management (SIEM) tool; we have some of the best technology in the world to monitor their systems, but there is nothing to show they have been hacked. How could hackers steal everything and leave no trace of anything untoward? We gather the cybersecurity incident response team, quickly establishing that nobody had complained about a lack of service; that was until AcmeCorp’s Head of HR spoke up.

“Ever since this incident, we haven’t been able to use the Employee Voucher Cloud Service. It’s not connecting, and the website is down.”

AcmeCorp hasn’t been hacked, but the cloud service has! The hacker lied: they only showed us data from that breach. We investigate what data is held by this service, but it’s nothing more than we’ve already seen; thankfully, the service was just being tested. I soon discover that HR had purchased this service without telling anyone else. There had been no review of the provider’s security, and they hadn’t investigated how the data they uploaded was handled.

This incident could have been much worse if they had uploaded more data to that provider. AcmeCorp has asked us to review their policies, so we will align them with ISO 27001, ensuring there are sufficient safeguards for supplier management. We’ll also lead more training, so everyone understands how serious this could have been and only uses approved services in future.

If you are worried about your security whilst using cloud services, or would like to learn how Waterstons helps protect its customers from attacks, visit: www.waterstons.com/security


26 January 2021
