Interview: Hacking an airport conjures mental images of Bruce Willis blockbusters, hijacked planes, and a moody hacker-in-a-hoodie wreaking havoc from some undisclosed location.
But in reality, securing the network of one of the UK’s busiest airports is a little less Hollywood.
Tony Johnson, head of security operations at Manchester Airport Group (MAG), told The Daily Swig: “It’s not like it appears in the movies.”
“Don’t get me wrong. We’ve got some incredibly sophisticated looking phishing campaigns — you know, some of them come [in my inbox] and I’m even hovering over it because it looks legit and I’m not 100% sure.
“But in regular day-to-day threats, I think the biggest one we often see is phishing because it is such an easy win for attackers.
“It’s fully automated, they’ve got no one in a dark dungeon trying to get into our environment, and it’s an easy one you can get to millions of recipients in a second. So that’s the big one we are managing.”
As anyone working in threat prevention will know, attacks are often easier to launch than to defend against – especially in a large business or organization.
MAG, which manages Manchester Airport, East Midlands Airport and London Stansted Airport, has an estimated 40,000 employees working at these different locations.
To reduce the risk of successful social engineering attacks, the group’s Security Operations Center (SOC) provides ‘nano training’ – a series of short tutorials – on a monthly basis.
“They are small, bite-sized and web-based – it usually takes two minutes to do, and we are constantly reinventing everything.
“So you’re thinking before you click, thinking about spam, are you sure it’s the same person they claim to be, and things like GDPR and data protection.
“This is a broad spectrum of potential risks to the organization in terms of cyber attacks.”
He also repeats to coworkers: “If you’re not sure, ask.”
Johnson said that although the training is not mandatory, the simplicity of the material has led to strong uptake.
He added: “I think it was a deliberate decision not to make it mandatory because [when it happens], it becomes a kind of work.”
The biggest threat to airports is phishing campaigns, says Johnson
In recent years, critical national infrastructure, including airports, has become an attractive target for hackers.
While customer data is a potentially big earner for cybercriminals, Johnson said he believes attackers are primarily trying to gain insight into organizations’ networks.
“In my opinion, what they are trying to do is to gain a foothold,” he said.
“If they get a foothold, they get a handle in your outfit, they may choose to never use it. But it’s quite possible that once they’ve got it, they’re the first to go straight to the dark web and see if anyone else is interested in getting a foothold in Organization X.
“I think mostly it’s about trying to get that connection. And if we [SOC] weren’t paying attention, you know, you’d be surprised what they can do.”
“It comes down to the fact that we are part of the UK’s critical national infrastructure and we are a good target, if you can stop planes from taking off, you’re going to get the news,” he said, adding that “getting their name out there” is a big motivator for international cybercrime units.
MAG recently moved all its cyber security functions from external management to internal control.
Johnson explained that in addition to the cost-saving bonus, the new team has greater visibility on its network and is able to streamline policies and procedures for the organization.
Asked whether the group had planned the move because of the reduction in traffic levels due to the coronavirus pandemic, Johnson said the timing was purely coincidental.
“It was a coincidence, but it was also a happy coincidence,” he told The Daily Swig.
They had already made the decision to move in-house, which coincided with travel restrictions, after a deal with a previous third-party provider was concluded.
MAG spoke to colleagues at another airport who had worked with security consultant Bridwell, which was then brought in to oversee the change.
With the help of Bridwell, MAG implemented new measures and protections, including migration to the Microsoft Security Stack.
Johnson said he has “invested heavily” in the software and can now forward about 80,000 data events per second.
The organization manages several airports across the UK
Fortunately, because of the low volume of foot and air traffic on campus, the move was probably easier than expected.
“Where we had some advantages, there are things like 200 servers that would need a reboot.
“[Before the pandemic] it would have been a really complicated process logistically because you have to fit in with the passenger flow.
“It can take weeks [at first] to settle business downtime.
“The really cool thing was that it meant we could massively accelerate the program in terms of deploying it.”