Avoiding future phishing attacks requires smart people and expensive technology to analyse server logs says David Jones, head of security at the BBC.
In his keynote presentation at InfoSecurity Europe 2014, Jones discussed how the organisation handled an attack by the Syrian Electronic Army.
Following the attack, he said: “We ran a rewind session, and took time and effort to start to design remediation.”
He admitted that most of the work involves pattern matching. “It requires very smart people and expensive technology. For incident management you have to manage logs so storing and retaining logs is absolutely key.”
The BBC has outsourced a large amount of IT, and Jones said it was extremely important to involve outsourcer in tackling an attack and the post-mortems.
The BBC also has an incident commander who can make quick decisions and is the main contact to work with the external affairs team.
He said: “We work with colleagues and third parties to understand our environment and have very thorough service mapping.” Keeping secure is both a technological and human issue, he added.
“Normally support is not always there so it is important to understand weak points.”
He urged delegates to avoid blame culture especially in situations where people have tried to act in the best interest of the organisation.
To combat future attacks, Jones said the BBC has created a flag pole. “This enables us to say we have a phish attack and we can block the phishing attack domain, then set a search to delete phishing messages from inboxes.” While such an approach works on desktops and laptops, Jones said it is still necessary to in touch with mobile users, as mobile devices are generally outside the control of corporate IT.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK