How SSS Shared Managed Detection & Response Service helps secure Gisborne District Council
Wed, 14th Sep 2022

Faced with a rising threat environment in which major New Zealand institutions had suffered costly cyber breaches, Gisborne District Council looked to SSS IT Security Specialists for a solution capable of improving its protective posture. With the deployment of SSS Shared Managed Detection and Response Service, the North Island’s easternmost council has benefited from expertise and proven round-the-clock protection while also coming to a stark realisation: there’s a lot more nefarious internet activity out there than meets the eye.

The Gisborne District Te Tairāwhiti is a local government area of northeastern New Zealand governed by the Gisborne District Council (GDC), a unitary authority employing around 400 people. GDC provides a full range of council services to a population of around 50,000 people in an area of more than 8,500 square kilometres comprising the city of Gisborne, multiple smaller settlements, farmland, and rugged mountains and backcountry.

Situation

Having worked in council for more than a decade, GDC Information Technology team leader Peter Moore has seen a lot of change over the years. “When it comes to cybersecurity, it’s gone from the occasional virus to malware of various types, to hackers actively trying to get in,” he says. “The threats and challenges don’t only evolve, they’ve escalated. And that makes it very hard for an IT team, with limited resources and budgets, to cover everything.”

At the same time, he says incidents like the interruption to the Waikato District Health Board and the hack of the NZX have heightened awareness of how close a cybersecurity compromise can be. “We’ve seen New Zealand organisations breached, and we’ve seen how serious the disruption is. It really hits home.”

Concerned that its systems weren’t adequately protected, Moore appreciated the necessity for dedicated expertise. “With everything the IT department needs to do, there wasn’t a sufficient focus on security. After all, we can’t afford a dedicated Network Operations Centre and we can’t afford assigning a person 24/7 to detecting and assessing rapidly emerging threats. As it is, many of our team members are already working long hours.”

Solution

One of the challenges faced by councils around the country is that the medium market isn’t well addressed by security solutions providers, says Moore. “We tend to be at the lower end of the scale in terms of the coverage required. But a colleague recommended SSS as offering a solution which was right-sized, affordable, and delivering comprehensive protection.”

Further investigation confirmed the suitability of SSS’ Shared Managed Detection and Response Service (SMDRS). The Software as a Service solution incorporates multiple threat identification, mitigation and management techniques with around-the-clock monitoring and reporting for on-premises and cloud environments, resulting in a holistic detection and response service. Moore notes that comprehensive coverage of on-prem and cloud assets was a factor in the selection of the solution. “There’s a lot of flexibility which means we can choose what to monitor. SSS worked with us to identify and prioritise high value information sources to monitor. The SMDRS collates information from each source, providing a complete view over all our technology. That includes firewalls, switches, servers, and other devices, all of which would have been disparate.”

Rolling out and establishing the service, says Moore, wasn’t without its challenges (it is an IT service in a complex environment, after all), but he has praise for SSS’ delivery teams. Taking around two months, the deployment had SSS assessing GDC’s requirements, scoping the environment, and prioritising data assets. Local agents were installed and configured, with some fine-tuning following.

Moore says there is an element of ‘set and forget’, inasmuch as SSS takes responsibility for the security side of things such as managing the evolving threat landscape. “On our end, there’s room for tweaking as the network changes, which it always will as new premises, devices or workspace changes occur. But once established, we know there is around-the-clock monitoring and detection, and that brings a lot of comfort.”

Results

Asked if the reporting has delivered any interesting insights since going live, Moore responds with a quip: “Interesting? More like mildly terrifying. I’m relatively new to the security space. I knew these threats were out there, but it’s quite astonishing to see just how many attempts there are to get into your networks.”

He’s got the figures. On average each month, GDC experiences 90,000 probing attempts, including 4,500 attempted logins and 200 confirmed attacks. GDC also filters about 100,000 spam emails, of which some 30,000 are phishing attempts. The revelation is that it is happening, all the time. “This stuff is real, and SMDRS quickly shows just how real,” he adds.

“We also get a lot of value from the automated vulnerability scans. You may think you’ve patched a critical vulnerability, but it’s not uncommon for a PC to be turned off or a laptop disconnected from the network when updates are rolled out. All it takes for a compromise is one machine. Constant scans from SMDRS mean we don’t have to identify that machine – it’s done for us. And the vulnerability report gives my team a list to follow up and action.”
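The patch gap Moore describes (a machine that was switched off or off the network when the update went out, so the patch tool never reached it) is only visible when patch-deployment records are reconciled against a later scan. The script below is an added example illustrating that reconciliation; it is not code from SSS, SMDRS or Gisborne District Council. Host names, the rollout log, the scan export and the finding id `VULN-EXAMPLE-001` are all constructed placeholders, and the two CSV layouts are assumptions about what a patching tool and a scanner might export, not any real product's format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: what the patch-management tool reported after the push.
ROLLOUT_LOG = """host,status
ws-001,installed
ws-002,installed
ws-003,unreachable
ws-004,installed
srv-01,installed
"""

# Constructed sample data: the next scheduled vulnerability-scan export.
# A host with an empty "finding" was scanned and came back clean.
SCAN_EXPORT = """host,finding
ws-001,VULN-EXAMPLE-001
ws-002,
ws-003,VULN-EXAMPLE-001
ws-004,VULN-EXAMPLE-002
srv-01,
"""

# Asset inventory (constructed). ws-005 appears in neither source: it was off
# the network during both the rollout and the scan, which is exactly the gap a
# findings-only report would hide.
INVENTORY = ["ws-001", "ws-002", "ws-003", "ws-004", "ws-005", "srv-01"]

# Placeholder id for the vulnerability the rollout was meant to fix.
TARGET_FINDING = "VULN-EXAMPLE-001"


def load_rollout(text):
    """host -> rollout status as reported by the patching tool."""
    return {row["host"]: row["status"] for row in csv.DictReader(io.StringIO(text))}


def load_scan(text):
    """host -> set of finding ids; an empty set means scanned and clean."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        findings[row["host"]]  # register the host even when it has no findings
        if row["finding"]:
            findings[row["host"]].add(row["finding"])
    return findings


def reconcile(inventory, rollout, scan, finding):
    """Bucket every inventoried host by what the two sources say about it."""
    report = {"ok": [], "missed_rollout": [], "patch_not_effective": [], "not_scanned": []}
    for host in sorted(inventory):
        if host not in scan:
            report["not_scanned"].append(host)           # no evidence either way
            continue
        still_vulnerable = finding in scan[host]
        if not still_vulnerable:
            report["ok"].append(host)
        elif rollout.get(host) == "installed":
            report["patch_not_effective"].append(host)   # tool says patched, scanner disagrees
        else:
            report["missed_rollout"].append(host)        # unreachable or no record during the push
    return report


def follow_up_list(report):
    """Flat, ordered action list for the IT team: strongest evidence first."""
    return (
        [(h, "patch reported installed but scanner still finds it") for h in report["patch_not_effective"]]
        + [(h, "missed the rollout; push patch manually") for h in report["missed_rollout"]]
        + [(h, "never scanned; locate the device") for h in report["not_scanned"]]
    )


if __name__ == "__main__":
    rep = reconcile(INVENTORY, load_rollout(ROLLOUT_LOG), load_scan(SCAN_EXPORT), TARGET_FINDING)
    for host, action in follow_up_list(rep):
        print(f"{host}: {action}")
```

The point of keeping three separate buckets is that each one calls for a different action: a host the patch tool claims to have patched but the scanner still flags usually needs a reboot or a failed install investigated, a host that was unreachable simply needs the patch pushed again, and a host in the inventory that no scan has ever seen needs to be physically located before anything else can be said about it. Driving the loop from the asset inventory rather than from the scan results is what surfaces that last category.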

He cites the Peter Drucker aphorism: ‘If you can’t measure it, you can’t manage it’. “Well now I can do both.”

Backed by SSS, Moore says his team now spends less time on cybersecurity. “It reduces ‘busy work’ and gives time back to my team. Instead, we’re focused on value-adding tasks, and we’re more proactive and less reactive while confident that we’re more secure, with better visibility and comprehensive reporting. It’s quite comforting, really.”

Finally, he has a warning for those who feel they aren’t being targeted by hackers: “If you’re not seeing daily attacks, you have a blind spot.”
