How ROCK's Security Operations Centre protected a law firm's data

At a glance

• SOC 24/7/365 proactive cyber security monitoring identified and prevented 13 potentially serious threats in the first year
• Employee cyber security education automated within the employee onboarding process
• Automated backup and disaster recovery processes implemented to cover worst-case scenarios

The situation

LegalCo challenged ROCK to strengthen its defences against potential cyber security attacks.

In strategic partnership with LegalCo, ROCK worked to learn about how its processes, systems and data supported its operations and how certain threats might impact the organisation. A single point of visibility for all potential threats was established to help in identifying weak links in LegalCo's defences.

It was discovered that LegalCo's disaster recovery and backup processes meant that if a data breach occurred, the most recent version of their data could not be recovered.

ROCK performed a series of tests wherein our engineers imitated the likely actions of cyber criminals. These were conducted both remotely and on-site, revealing several flaws that needed to be addressed. It was discovered that employees' lack of education in cyber security posed one of the strongest threats and this alongside poor anti-virus and firewall configuration meant phishing emails were highly likely to cause security issues.

Recommendations

• Automate backup and recovery processes to produce three redundant copies of data on cloud daily, and implement manual processes for storing copies of data off-site on a hard drive
• Educate current employees on workplace cyber security best practice and include automated education in employee onboarding process
• Install optimum anti-virus software on all relevant endpoints and configure network firewall to restrict unwanted traffic

Outcome

ROCK worked with LegalCo to visualise its security threat landscape, including: endpoints, servers, software, services, traffic and processes so these assets could be configured in SOC proactive monitoring tools and analysed for threat 24/7/365. Proactive monitoring identified 13 potential threats in the first year and defended against them before an issue occurred.

Employees were educated on cyber security best practices. This included information on how to verify emails as secure and how to identify phishing emails and fake websites.  An ad hoc project was undertaken to include employee education videos and tutorials in the onboarding process so all new employees benefitted from the same education.

*We value our clients and their right to a confidentiality.  While the name has been altered, the results are real.