Cyphra assisted a transport sector organisation after they suffered a security incident involving their Office 365 cloud service. Cyphra helped the client to understand the cause of the issue and to put a managed SIEM service in place to reduce the risk of it reoccurring.
The transport sector organisation had suffered a security incident involving their Office 365 cloud service that led to a financial loss for a customer. The organisation needed to quickly reduce the risk of further incidents, improve overall governance and address key stakeholder concerns. It was identified that the malicious attack had been initiated some months before the final incident occurred. The lack of any detection capability, such as security monitoring and alerting, meant there was no visibility of the issue until after the incident had occurred.
Cyphra conducted an initial analysis to identify the key security improvements for Office 365 to reduce the risk of further misuse. Other line-of-business applications were assessed, and a scalable, fully managed SIEM service was proposed that would address the organisation’s immediate specific needs and allow future monitoring and alerting requirements to be added later. Cyphra was quickly able to stand up a tailored monitoring service to provide enhanced detection capability on the cloud service that had been the target of the attack. A plan was then agreed with the organisation to implement a more comprehensive service through a phased approach that would provide monitoring and alerting coverage over their key cloud systems and security controls. Within several months a vulnerability scanning service was added to enhance their visibility of any exposures.
Cyphra’s managed 24x7 service provides the organisation with alerts on key security events, enabling them to react immediately to signs of malicious activity, and provides regular reports that show both the operational and governance teams the current threat profile they are facing. The service has additionally helped to identify patching issues with other third-party managed services, enabling them to further enhance their vulnerability management approach. The service, together with other security control improvements, has demonstrated to the organisational stakeholders that adequate and appropriate steps have been taken to provide better protection against, and detection of, future cyber-based threats.