
Success Story

How we helped a local council identify and mitigate their cyber risks

Despite being a long-standing client, a large district council wanted to gain a deeper understanding of their cyber risk and potential weak points in their defences.


To address these concerns, Secon Cyber conducted a workshop with the local authority to build a high-level view of the state of their cyber security and what it would take for them to achieve best practice. To do this, we assessed three areas and their current level of cyber maturity:

• The ability to protect against cyber criminal activity

• The ability to detect cyber criminal activity

• The ability to recover from a cyber related incident

What was achieved?

After the workshop, our findings identified a number of high-risk areas within the council’s environment. These included low levels of visibility and gaps in protection that would have made it difficult for the council to establish whether an intrusion had taken place or quickly detect a threat before it caused an operational impact.

Using the information provided by the council, Secon Cyber provided recommendations to improve cyber resilience and reduce the risk of operational impact from cyber criminal activity. We provided recommendations for the following areas:

• Endpoint Security

• Server Security

• Network Security

• Email Security

• Web Security

• Cloud Security

• Identity and Access Security

In particular, Secon Cyber identified that the council needed to focus their attention on improving the protection of their sensitive data and their overall approach to visibility and response.

Despite having email and web gateway solutions with the ability to implement data leak prevention, the different management interfaces made it difficult for the council to implement a unified data leak prevention policy across their entire environment, which left gaps in the visibility and control of their sensitive data.

We recommended the council take a unified approach across all devices and applications.

The council lacked centralised log storage and consistent monitoring of their security alerts, which presented an increased risk of an undetected intrusion. To address this issue and the council’s lack of visibility, we recommended that the council leverage a security information and event management (SIEM) solution.

By correlating and monitoring security alerts 24x7, the council would be able to quickly detect genuine security incidents. This also would help them avoid the onerous task of reviewing security alerts from multiple siloed security tools, which could also result in genuine attacks being missed.

By working closely with the council, Secon Cyber was able to create an achievable and pragmatic cyber risk improvement programme that fit within the council’s resource and budget constraints. This included implementing 24x7 security monitoring and response to prevent a breach, saving the council the cost, time, and reputational impact involved with cleaning up a major cyber incident.

During this project we:

• Worked with the council’s IT team to discuss the state of their current cyber security environment and how they were protecting their sensitive data

• Determined the areas the council needed to improve, especially their centralised visibility and monitoring

• Outlined a plan to close the council’s security gaps that considered both their current security investments and budget constraints

• Suggested managed services that could provide 24x7 monitoring and support for the council’s cyber security environment to actively prevent a breach and supplement their internal resource

If you’re interested in receiving your own personalised cyber risk improvement programme, click to book an initial consultation with one of our Security Advisors.
