What happens when you try hacking a security expert?

Hackers are evolving their techniques at a speed that must not be ignored. Organisations need to be prepared, even if they already have a solution in place, because the threat escalates daily.

By openly sharing our experience, we want to raise awareness of the need for organisations to regularly review their cyber security, helping them to prevent, detect, and respond to cyber threats 24/7/365. 


Security Operations Centre

No organisation is immune to attacks.

Did you know there are 65k hacking attempts on SMEs every single day? And that 4.5k of those are successful? (UK Cyber Security Stats 2020)

Attackers attempt to breach every network - what sets organisations apart is how they respond to an attack.

With this in mind, there are 3 things you need to know:

  1. In July 2022, we experienced a hacking attempt on our company.
  2. We immobilised the immediate threat within 4 hours.
  3. Hackers will try attacking you too (it’s inevitable).


The Situation

Our SOC (Security Operations Centre) is integral to maintaining the security and smooth running of our daily operations.

It’s built using specialist software and an extensive team of experienced security analysts that enable us to detect, analyse, report and react to unusual activity.

We configure all SOC software individually, constantly ‘teaching’ each tool to automatically detect and block emerging threats just as quickly as our specialist analysts. This helps set us up to handle new threats as they (constantly) emerge. 

Our Security Information and Event Management platform (IBM QRadar) is one such customised element, and the starting point of our threat mitigation journey.

QRadar raised an alert – lots of sign-ins were suddenly failing. Using our Okta dashboard (an identity and access management platform), our analysts found that colleagues were being locked out of certain accounts because a ‘brute-force’ attack was trying (and failing) to breach our security. 

Our analysts linked all events to an automated bot attack, and quickly escalated the situation to a serious incident.

Our response

We had to act fast – stop the attacks from getting worse, and ensure no breach could occur – a service and promise we deliver to all of our customers.

  1. We set up our war room – within 30 mins of the initial alert.
  2. With all the right people together, we planned our next move and agreed a response fast (communication is key!).
  3. We also kept an audit of exactly what we did to improve future threat responses, as we do with all our clients.
  4. We listed the countries that the attacks came from, and configured Okta to block login attempts from each. This made it much harder for the bot to attempt unauthorised logins.
  5. We issued a company-wide communication to let our boxxers know what was happening, what suspicious activity to be alert for, and how and to whom they should report it.
  6. After 4 hours the bot ran out of possible attack routes and the threat ended without any successful breaches.
  7. The whole incident was mitigated within 4 hours.
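As an added example (not code from the article or from the author's SOC), the core of the detection and triage described above in Python: count failed sign-ins per source country over a short window of constructed Okta-style events, flag countries whose failure volume and spread of targeted accounts look like an automated bot, and report whether any real sign-ins would be caught by a country block. The event fields, thresholds, window length and the placeholder country code ZZ are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed sample events (not real data), loosely modelled on Okta
    System Log fields: normal UK office activity plus a bot spraying many
    accounts from a single source country (ZZ is a placeholder code)."""
    base = datetime(2022, 7, 12, 9, 0, 0)
    events = []
    # Normal activity: successful sign-ins and a few mistyped passwords from GB.
    for i in range(20):
        events.append({"ts": base + timedelta(seconds=30 * i), "user": f"user{i % 8}",
                       "outcome": "SUCCESS", "country": "GB"})
    for i in range(3):
        events.append({"ts": base + timedelta(minutes=i), "user": f"user{i}",
                       "outcome": "FAILURE", "country": "GB"})
    # Bot: rapid failures against many different accounts, all from country ZZ.
    for i in range(40):
        events.append({"ts": base + timedelta(seconds=5 * i), "user": f"user{i % 15}",
                       "outcome": "FAILURE", "country": "ZZ"})
    return events


def find_bruteforce_sources(events, window=timedelta(minutes=15),
                            min_failures=10, min_accounts=5):
    """Return {country: stats} for source countries whose failed sign-ins in the
    most recent window exceed both a volume and a breadth-of-accounts threshold.
    Breadth matters: one user mistyping a password fails often against one
    account; a bot fails against many. The successes count is kept so an analyst
    can see whether blocking that country would also lock out genuine staff."""
    latest = max(e["ts"] for e in events)
    start = latest - window
    stats = defaultdict(lambda: {"failures": 0, "successes": 0, "accounts": set()})
    for e in events:
        if e["ts"] < start:
            continue  # outside the detection window
        s = stats[e["country"]]
        if e["outcome"] == "FAILURE":
            s["failures"] += 1
            s["accounts"].add(e["user"])
        else:
            s["successes"] += 1
    flagged = {}
    for country, s in stats.items():
        if s["failures"] >= min_failures and len(s["accounts"]) >= min_accounts:
            flagged[country] = {"failures": s["failures"],
                                "accounts": len(s["accounts"]),
                                "successes": s["successes"]}
    return flagged


if __name__ == "__main__":
    print(find_bruteforce_sources(build_sample_events()))
```

A flagged country with a non-zero successes count is the case to handle carefully: a blanket country block there would also lock out legitimate users, so a narrower network-zone or per-IP block is the safer first step.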

The Result 

We ‘taught’ our SOC tools to automatically block any similar future attacks by following the same steps our analysts did to block this attack. 

We rolled the same update out to protect our clients too so all had even stronger defences after the attack.

3 takeaways for stopping your next cyberattack


Lesson #1: You can’t buy an effective SOC straight off the shelf

There are 3 vital components to highly protective, and proactive, cyber security:

  1. Tried and tested software – like QRadar, Okta, Qualys, Microsoft Azure and Sophos – which we continually configure and update to keep us and our clients secure.
  2. Pre-planned threat response processes – we planned our response ahead of time so we knew exactly who to bring together for fast decision-making and a quick response once the threat was identified.
  3. Transparent reporting – data means nothing if you can’t extract meaning from it. It’s the quality of data (relevancy) which matters, not the quantity.

Your security posture can’t improve without a clear understanding of where it stands today. 

If security is an emerging priority for your organisation - start with a detailed security audit. Our free security assessment will even show you how to plug any gaps we find with tools you already pay for.

If your security is well established then make sure to run annual penetration tests (and regularly swap providers for new insights) to spot gaps and keep ahead of new threats.

Lesson #2: Speed is everything

You need the tools to identify threats immediately, and the expertise to respond with fast fixes to prevent a successful breach. 

Our UK-based SOC delivers 24/7 threat detection and response to ensure that no threat has days, weeks or months to act undetected, as it would in an unprotected organisation.

That means no threat has a chance to snowball into years’ worth of damage.

Lesson #3: Someone tried attacking us, it will happen to you too

There are 5.7 million SMEs in the UK; around 1.6 million of them are hacked per year.

Your organisation doesn’t need to end up on that list.

We provide every single client with the same high-quality protection we benefit from ourselves:

Powerful SIEM tools, a team of qualified security analysts and expert threat response planning to quickly handle any threat.
