Responding to Cyber Attacks: Insights from Our Engineering Team Manager, Wes Parton 

Software | 04 Oct 2024 | 3 mins

As part of Cybersecurity Awareness Month this October, we sat down with Wes Parton, our Engineering Team Manager, to discuss how our cybersecurity team responded to a recent cyber threat. Thanks to their expertise and quick action, the incident was swiftly mitigated, ensuring minimal disruption for the client. In this interview, Wes shares insights into how the team handled the situation and the lessons learned from the experience. 

Can you describe the type of cyber threat that was encountered?  

Wes: Our client was targeted by a sophisticated, multi-stage attack. The attackers managed to access the network perimeter and stealthily moved around, seeking out vulnerable systems. We intercepted them as they were trying to establish a foothold that would allow them to maintain access even if their initial entry point was removed.

How did our team first become aware of the incident?

Wes: We were first made aware when our Support Desk received a Critical Incident notification from our Endpoint Detection & Response (EDR) platform.

What steps did you and the team take to contain the threat?  

Wes: By the time our Service Desk received the notification from the EDR, this had been escalated to our 24/7 Security Operations Centre (SOC) team. The entire organisation was placed in Isolation to ensure there was no possibility of further movement. One of the NetMonkeys' Directors was in a meeting off site with the client's Finance Director at the time. The FD's devices were isolated even though they were in a third-party location. Any user, regardless of being in the office, at home or in a hotel lobby somewhere, would have been isolated and protected from the threat of an attack.

A thorough investigation to determine the point of entry was completed and, immediately, the nominated Security practitioner ensured any threat/access was removed so that no further access was possible.

How did you ensure there was minimal disruption to the client’s operations while resolving the issue?  

Wes: Following thorough investigation and remediation/mitigation work, to reduce the impact to the customer and enable day-to-day business, we began gradually removing specific areas from Isolation and continued to monitor until all areas had been deemed safe.

Were there any tools or techniques that particularly stood out as effective during the resolution process?  

Wes: Having a solid Cyber Incident Response plan was invaluable and allowed us to work through the incident with thoroughness and efficiency, providing our Incident Response Team a clear roadmap to follow. It goes without saying that seeing our EDR and the SOC team capture and halt the malicious actions at the recon stage was amazing. Thanks to the processes and the implementation of an EDR solution, this incident was caught, mitigated and resolved in less than a single working day, and it removed the need to rely on the full disaster recovery solution.

How long did it take to fully resolve the issue from detection to mitigation?  

Wes: From detection (two hours into the working day), we had the organisation back up and running by the end of the working day. Continuous monitoring and follow up recommendations were ongoing, but business as usual had resumed.  

What role does regular system monitoring and maintenance play in identifying and handling cyber threats like this?  

Wes: Regular system monitoring and maintenance play a critical and crucial role in the detection and handling of cyber threats, with a heavy focus on early detection, threat identification and mitigation. Imagine trying to find a needle in a haystack. Regular monitoring and maintenance are like keeping the haystack organised. It makes it much easier to spot any suspicious activity. Plus, keeping systems up-to-date helps prevent vulnerabilities that attackers can exploit.

What advice would you give to businesses to improve their cybersecurity posture and prevent similar attacks?  

Wes: Investing in a strong, well-structured and comprehensive Cybersecurity framework is essential. This includes implementing policies, procedures and technologies.

Conduct regular risk assessments to identify vulnerabilities and areas of concern.

Invest in your employee training: being able to recognise threats or suspicious activity is a tool in itself.

How can companies ensure their teams are well-prepared to handle cyber attacks quickly and effectively?

Wes: Regular training and simulations are key. The more we practice, the faster and more efficiently they can act when faced with real incidents.

What are some common misconceptions businesses have about cybersecurity that could make them vulnerable?

Wes:

  • "It won't happen to me": A common misconception is that small businesses or those in low-risk industries are immune to attacks. 
  • "We have antivirus software, so we're safe": Antivirus software is essential but not sufficient to protect against all threats. 
  • "We can't afford cybersecurity": The cost of a breach can far outweigh the cost of prevention measures. 

What trends in cyber threats should businesses be aware of in the near future? 

Wes: 

  • AI-powered attacks: Malicious actors are increasingly using AI to automate attacks and evade detection. 
  • Supply chain attacks: Targeting third-party vendors to gain access to their customers. 
  • Ransomware as a service: The availability of ransomware tools is making it easier for attackers to launch attacks. 

As cyber threats continue to evolve, so does our ability to respond. As Wes highlighted, vigilance and having the right protocols in place make all the difference. At NetMonkeys, our priority is to stay ahead of potential risks and ensure our clients can operate securely. As we focus on Cybersecurity Awareness this month, we encourage all businesses to regularly review and update their cybersecurity strategies to keep their operations safe.