You don't have to look far to find the headlines.
Cyberattack hits government website. Five Eyes warns of increased cyber threat. Retaliation may include cyberattacks.
Dr Bryce Antony is a senior cyber security engineer for Advantage. As part of Tech Week 22 last week, he gave a look behind the scenes of Advantage's security operations centre (SoC) that is based in Palmerston North.
Unsurprisingly, Tales from the SoC was delivered remotely and no one could see what colour socks the other attendees were wearing.
A SoC is a unit within an organisation that continuously monitors, analyses and improves an organisation's security posture, Antony says.
A SoC detects, responds and protects; its job is to close the gap between compromise and detection.
In 2017, Advantage rolled out managed security services and managed SoC provision for clients. The SoC has clients from across Australasia and 10 staff, with some in Auckland. It is anticipated the team will grow this year.
"Everything at Advantage is security, we live and breathe this stuff," Antony says.
He has a PhD in cyber security from Auckland University of Technology and is a consulting academic at the University of Auckland. On his LinkedIn profile, he writes he has been a technophile for as long as he can remember. "The intersection of technology and humanity makes our current world vibrant and exciting."
If something untoward occurs, the SoC will use a five-step incident management plan. It outlines procedures to manage the situation once an alert is triggered. The situation could be an apparent malfunction, an outage, a threat or a vulnerability alert.
The first step is identification and the second is analysis and prioritisation. The third step is response: containing the breach and preventing its spread. The fourth step is recovery, getting the client's systems and operations up and running again, and the final step is post-incident review.
During the review, staff discuss what they learned from the incident, undertake a root cause analysis and work to ensure a similar breach won't happen again.
No one wants to experience a security breach, Antony said. It is essential to be prepared: undertake regular vulnerability assessments, keep equipment and asset management up to date, and train staff.
Antony shared three cautionary tales. The first was about the lack of planning that allowed a threat actor to exploit configuration issues. The company was focused on enabling users without analysing the security risks.
The second tale was about asset control. When the alert was triggered, Advantage was able to isolate the affected servers and to identify and isolate the entry point. The organisation responsible for an upgrade had not decommissioned the old equipment, and the malicious actor exploited the unpatched old network.
The client needed better asset control. There were also issues with incomplete project scope and sign-off.
The third tale was about passwords. Weak passwords allowed a successful brute-force attack, after which the threat actor was able to uninstall the anti-virus software.
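The third tale is the kind of incident a SoC is meant to catch early: a burst of failed logins from one source, followed by a successful login from the same source. The script below is an added example, not code from Advantage or from the talk, showing the simplest form of that detection over a few constructed OpenSSH-style log lines. The log lines, the five-failure threshold and the five-minute window are assumptions chosen for illustration; a production rule would read from the SIEM and tune both values per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style (not from the article).
# One source hammers the "admin" account and then gets in; a second user
# has a single typo-style failure followed much later by a normal login.
SAMPLE_LOG = """\
Jun 10 09:00:01 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51234 ssh2
Jun 10 09:00:02 web01 sshd[1202]: Failed password for admin from 203.0.113.7 port 51236 ssh2
Jun 10 09:00:03 web01 sshd[1203]: Failed password for admin from 203.0.113.7 port 51238 ssh2
Jun 10 09:00:04 web01 sshd[1204]: Failed password for admin from 203.0.113.7 port 51240 ssh2
Jun 10 09:00:05 web01 sshd[1205]: Failed password for admin from 203.0.113.7 port 51242 ssh2
Jun 10 09:00:06 web01 sshd[1206]: Accepted password for admin from 203.0.113.7 port 51244 ssh2
Jun 10 09:05:00 web01 sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jun 10 09:30:00 web01 sshd[1301]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2022):
    """Parse one sshd auth line into (timestamp, result, user, ip), or None.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2022).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window brute-force detector.

    Returns a list of (ip, user, failures_in_window, kind) alerts:
      - "bruteforce_attempt" when a source reaches `threshold` failures
        inside `window`;
      - "bruteforce_success" when a login is accepted from a source that
        still has at least `threshold` recent failures. This is the alert
        the SoC should treat as a likely compromise, not just noise.
    """
    alerts = []
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        recent = failures[ip]
        # Drop failures that have aged out of the window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result == "Failed":
            recent.append(ts)
            if len(recent) == threshold:  # fire once per burst, not per line
                alerts.append((ip, user, len(recent), "bruteforce_attempt"))
        elif result == "Accepted" and len(recent) >= threshold:
            alerts.append((ip, user, len(recent), "bruteforce_success"))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for ip, user, count, kind in detect_bruteforce(SAMPLE_LOG):
        print(f"{kind}: {count} failures from {ip} against {user}")
```

Run against the sample, the detector raises one attempt alert and one success alert for 203.0.113.7, and nothing for alice's single failure, because that failure has fallen out of the window before her later login. The success-after-burst alert is the one that should drive the containment step of the incident plan; a lockout policy or rate limit on the authentication service would stop the burst before it ever reaches the guess that works.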
When Advantage starts working with a client, it will talk to them about their current security state, security concerns and known vulnerabilities. It will then investigate the client's network and security infrastructure, and staff will perform a baseline security audit.
"Security is a journey," Antony says. "It is all about steps in a process."