Sign up to receive updates for the latest tech thought leadership insights, videos, and podcasts.
LegalCo*, a law firm in Cardiff, challenged ROCK to deploy SOC to secure its systems and data. Much of the firm's data was categorised as personal, sensitive and confidential and it recognised that a data breach could destroy their reputation and cost them significantly.
LegalCo challenged ROCK to strengthen its defences against potential cyber security attacks.
In strategic partnership with LegalCo, ROCK worked to learn about how its processes, systems and data supported its operations and how certain threats might impact the organisation. A single point of visibility for all potential threats was established to help in identifying weak links in LegalCo's defences.
It was discovered that LegalCo's disaster recovery and backup processes meant that if a data breach occurred, the most recent version of their data could not be recovered.
ROCK performed a series of tests wherein our engineers imitated the likely actions of cyber criminals. These were conducted both remotely and on-site, revealing several flaws that needed to be addressed. It was discovered that employees' lack of education in cyber security posed one of the strongest threats and this alongside poor anti-virus and firewall configuration meant phishing emails were highly likely to cause security issues.
ROCK worked with LegalCo to visualise its security threat landscape, including: endpoints, servers, software, services, traffic and processes so these assets could be configured in SOC proactive monitoring tools and analysed for threat 24/7/365. Proactive monitoring identified 13 potential threats in the first year and defended against them before an issue occurred.
Employees were educated on cyber security best practices. This included information on how to verify emails as secure and how to identify phishing emails and fake websites. An ad hoc project was undertaken to include employee education videos and tutorials in the onboarding process so all new employees benefitted from the same education.
*We value our clients and their right to a confidentiality. While the name has been altered, the results are real.