Client story

Global Media Organisation

Global Media Organisation

Threat Overview

Phishing attacks are designed to deceive individuals into providing sensitive information such as passwords to a malicious third-party, or into performing actions such as downloading malware designed to give an attacker remote control over the victim’s computer.

In 2012, the UK economy lost £405.8M to phishing attacks, an increase of 25% over the £304.4M list in 2011.

Worryingly, these attacks are becoming increasingly sophisticated, to the extent that often neither the individual nor the organisation to which they belong is even aware that an incident has occurred until it is too late.

The Attack 

On the 12th December 2010, a global financial enterprise was compromised by a phising attack. The attack was highly sophisticated and was carried out over a number of months without the company in question being aware that anything was wrong. Here are the facts:

  • Bank details - Tens of thousands of personal bank details were accessed and stolen.
  • Capital - £2 million from public bank accounts was stolen.
  • One mistake - It took one employee to download harmful malware in order for the attacker to gain access to their entire network

MWR's Approach

MWR's first contact with this financial enterprise was 6 hours after the attack was successfully carried out. MWR immediately contained the attack and restricted any other information from being stolen.

As these types of attacks are becoming more sophisticated, the industry as a whole must improve their understanding of the anatomy of these style of attacks in order to better defend themselves.

Steven, Consultant MWR

Consultation

MWR consulted the corporation and identified the weak points in their network that attackers would look to target, one of which being phising emails.

Education

MWR's approach to improving their phising defence started with company wide educational seminars and tutorials. Helping the employees to understand the nature of phising attacks, how they operate and where they target. MWR worked closely with the employees to tutor and direct each person until they were able to successfully identify malicious phising emails.

Support

After having implemented the training, MWR provided 24 hour support to the company to ensure their defensive strategy remained successful.

The Result

In 5 years since this incident, the financial corporation records no other successful cyber attacks since December 2010. Their defensive strategy has adjusted with the nature of these styles of attacks with the help form MWR. But they agree that the support and training that MWR provide is second to none and has helped their success within the industry.

Phishing 1

More on Global Media Organisation

Industry

Media

+ read more

 

Accreditations

As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
We are certified in the ISO 9001 quality management system (QMS) in the UK, ensuring reliable delivery of our products and services.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.