24 hours in a Security Operations Centre (SOC) Part 1
It’s early as I head into work at Waterstons’ SOC. Not knowing what the day holds is one of the best bits of my job! Settled in and logged on, within seconds a new alert is generated which catches my eye…
At the other end of the country, the FD of one of Waterstons’ clients receives an email. Their business has had many staff on JobKeeper during the Coronavirus pandemic, and an email from ‘ATO’ has important information about the end of the scheme attached.
Opening the link, they’re asked to enter their username and password. The authenticator on their smartphone buzzes, prompting the usual scramble to get it out of their pocket and accept the notification before it expires…
The FD of AcmeCorp doesn’t usually log on to their network from China. I don’t think they’ve even been to China; I know them pretty well from having worked with them. Better play it safe. The SIEM tool has identified the phishing email, so I’m sure it’s not a false alarm!
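As an added illustration, not code from the original post or from Waterstons, this is the kind of correlation the analyst describes: a successful sign-in from a country outside the user’s recent baseline, weighted up when the SIEM has flagged a phishing email to the same user shortly beforehand. The event records, user name, timestamps and field names are constructed assumptions; a real SIEM would supply geolocated sign-in events and mail-gateway alerts in its own schema. Note that a satisfied MFA prompt is not treated as clearing the alert, because in the scenario above the user approved the push themselves.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data). The FD's usual logons
# come from Australia; the suspicious one arrives from China shortly after
# a phishing email was delivered. Timestamps are UTC, ISO 8601.
SIGN_INS = [
    {"user": "fd@acmecorp.example", "ts": "2020-09-10T22:05:00", "country": "AU", "mfa": "satisfied"},
    {"user": "fd@acmecorp.example", "ts": "2020-09-11T22:10:00", "country": "AU", "mfa": "satisfied"},
    {"user": "fd@acmecorp.example", "ts": "2020-09-14T22:02:00", "country": "AU", "mfa": "satisfied"},
    {"user": "fd@acmecorp.example", "ts": "2020-09-14T22:31:00", "country": "CN", "mfa": "satisfied"},
]

# Constructed phishing detection from the mail gateway / SIEM (assumed schema).
PHISH_ALERTS = [
    {"recipient": "fd@acmecorp.example", "ts": "2020-09-14T22:20:00", "sender_display": "ATO"},
]

BASELINE_DAYS = 30                 # how far back to build the "usual countries" set
PHISH_WINDOW = timedelta(hours=2)  # phish delivered within this window before the sign-in counts


def parse(ts):
    return datetime.fromisoformat(ts)


def baseline_countries(events, user, before):
    """Countries this user signed in from successfully in the lookback window ending at `before`.

    Only earlier events are used, so a new event never vouches for itself.
    """
    since = before - timedelta(days=BASELINE_DAYS)
    return {
        e["country"]
        for e in events
        if e["user"] == user
        and e["mfa"] == "satisfied"
        and since <= parse(e["ts"]) < before
    }


def recent_phish(alerts, user, at):
    """Phishing alerts delivered to `user` within PHISH_WINDOW before time `at`."""
    return [
        a for a in alerts
        if a["recipient"] == user
        and timedelta(0) <= (at - parse(a["ts"])) <= PHISH_WINDOW
    ]


def recommended_actions():
    # The containment steps the analyst takes in the story, in order.
    return ["disable_account", "revoke_sessions", "force_password_reset", "notify_security_manager"]


def evaluate(events, alerts):
    """Return one finding per sign-in from a country outside the user's baseline.

    Severity is raised to 'high' when a phishing email reached the same user
    shortly before, since a relayed MFA push does not make the logon benign.
    """
    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        at = parse(e["ts"])
        known = baseline_countries(events, e["user"], at)
        if not known:
            continue  # no history yet: nothing to compare against, do not alert
        if e["country"] in known:
            continue
        phish = recent_phish(alerts, e["user"], at)
        findings.append({
            "user": e["user"],
            "ts": e["ts"],
            "country": e["country"],
            "baseline": sorted(known),
            "mfa": e["mfa"],
            "phish_correlated": bool(phish),
            "severity": "high" if phish else "medium",
            "actions": recommended_actions() if phish else ["contact_user"],
        })
    return findings


if __name__ == "__main__":
    for f in evaluate(SIGN_INS, PHISH_ALERTS):
        print(f)
```

Run stand-alone it prints a single finding for the China sign-in, marked high severity because the phishing alert to the same mailbox landed eleven minutes earlier. The medium/high split is a deliberate design choice: an unusual country on its own is worth a phone call to the user, whereas the same sign-in right after a flagged phish justifies the account-disable-first, ask-questions-later response the analyst takes.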
I quickly disable the FD’s account. They wouldn’t be happy if they really were in China, but I think I’m safe. I log on to the client’s network and kill all open connections from that account too. Better force a password reset whilst I’m about it and tell my colleague, their security manager, what happened.
Can’t get connected? Don’t know why, but now the system wants me to change my password. The phone’s ringing and that’s a welcome distraction.
It’s Waterstons... What do they want?
The FD was understanding of our actions; they suspected something was wrong, but without flashing red lights on their system didn’t do anything and quickly forgot about it. The security manager explained what had happened, and that the email they received wasn’t from ATO at all.
That could have been embarrassing! Luckily no significant damage and no loss to the business.
This year has been hard work on cyber security. We started with the ACSC ‘Essential Eight’ and the NCSC ‘10 Steps to Cyber Security’. Lots of questions about our technology and how we manage users and data… instrumental guidance for us all.
The training we had was fantastic, making it clear to everyone they had a part to play in keeping AcmeCorp secure. I had to take it seriously, it’s my job to make sure the business is thriving and profitable, so I’m glad I had Waterstons’ SOC to support me today.
Just goes to show, the ‘Human Firewall’ still makes mistakes no matter how good the technology is… but it proved the effort was worthwhile.
To read more on how Waterstons Australia's SOC and Cyber specialists help businesses combat evolving threats just like this one, see: www.waterstons.com/security
Contact our Australian colleagues for help here.