Hackers are evolving their techniques at a speed which must not be ignored
Organisations need to be prepared, even if they already have a solution, because the threat escalates daily.
By openly sharing our experience, we want to raise awareness of the need for organisations to regularly review their cybersecurity, helping them to prevent, detect, and respond to cyber threats 24/7/365.
No organisation is immune to attacks
Did you know there are 65,000 hacking attempts on SMEs every single day, and that 4,500 of those are successful? (UK Cybersecurity Stats 2020)
Attackers attempt to breach every network. What sets organisations apart is how they respond to an attack. With this in mind, there are 3 things you need to know:
- In July 2022, boxxe experienced a hacking attempt
- We immobilised the immediate threat within 4 hours
- Hackers will try attacking you too (it’s inevitable)
Here's what happened
Our SOC (Security Operations Centre) is integral to maintaining the security and smooth running of our daily operations. It’s built using specialist software and an extensive team of experienced Security Analysts that enable us to detect, analyse, report and react to unusual activity.
We configure all SOC software individually, constantly ‘teaching’ each tool to automatically detect and block emerging threats just as quickly as our Specialist Analysts. This helps set us up to handle new threats as they (constantly) emerge.
Our Security Information and Event Management (SIEM) platform (IBM QRadar) is one such customised element, and the starting point of our threat mitigation journey.
QRadar raised an alert – lots of sign-ins were suddenly failing. Using our Okta dashboard (an identity and access management platform), our Analysts found that colleagues were being locked out of certain accounts because a ‘brute-force’ attack was trying (and failing) to breach our security.
Our Analysts linked all events to an automated bot attack, and quickly escalated the situation to a serious incident.
We had to act fast – stop the attacks from getting worse, and ensure no breach could occur – a service and promise we deliver to all of our customers.
- We set up our war room – within 30 mins of the initial alert.
- With all the right people together, we planned our next move and agreed a response fast (communication is key!)
- We also kept an audit of exactly what we did to improve future threat responses, as we do with all our clients.
- We listed the countries that the attacks came from, and configured Okta to block login attempts from each. This made it much harder for the bot to attempt unauthorised logins.
- We issued company-wide comms to let our boxxers know what was happening, what suspicious activity to be alert for, and how and to whom they should report it.
- After 4 hours the bot ran out of possible attack routes and the threat ended without any successful breaches.
The whole incident was mitigated within 4 hours.
We ‘taught’ our SOC tools to automatically block any similar future attacks by following the same steps our Analysts did to block this attack. We rolled the same update out to protect our clients too, so all had even stronger defences after the attack.
3 takeaways for stopping your next cyber attack
You can't buy an effective SOC straight off the shelf. Ours is built from three things:
- Tried and tested software – like QRadar, Okta, Qualys, Microsoft Azure and Sophos – which we continually configure and update to keep us and our clients secure.
- Pre-planned threat response processes – we planned our response ahead of time so we knew exactly who to bring together for fast decision-making and a quick response once the threat was identified.
- Transparent reporting – data means nothing if you can’t extract meaning from it. It’s the quality of data (relevancy) which matters, not the quantity.
If security is an emerging priority for your organisation, start with a detailed security audit. Our free security assessment will even show you how to plug any gaps we find with tools you already pay for.
If your security is well established then make sure to run annual penetration tests (and regularly swap providers for new insights) to spot gaps and keep ahead of new threats.
Speed is everything
You need the tools to identify threats immediately, and the expertise to respond with fast fixes to prevent a successful breach.
Our UK-based SOC delivers 24/7 threat detection and response to ensure that no threat has days, weeks or months to act undetected, as it can in unprotected organisations.
That means no threat has a chance to snowball into years' worth of damage.
Someone tried attacking us, it will happen to you too
There are 5.7 million SMEs in the UK, and around 1.6 million of them are hacked each year.
Your organisation doesn’t need to end up on that list.
We provide every client with the same high-quality protection we benefit from ourselves:
Powerful SIEM tools, a team of qualified Security Analysts and expert threat-response planning to handle any threat quickly.
It might seem strange for an organisation to talk openly about when hackers attempt to target our company, but we believe that in order for more people and businesses to be protected, everyone needs to know what happens behind the scenes and, more importantly, what can be done about it.
What happens when you try hacking a security expert?
If you've read about what happened and are interested in:
Simply call us on the number below or complete the form and we will be in touch.