Comforting and yet mildly terrifying
With Scouter™, the Gisborne District Council is now enjoying expert, round-the-clock protection while also coming to a stark realisation – that there’s a lot more nefarious internet activity out there than you’d ever imagine.
Employing around 400 people and serving a population of around 50,000, the Gisborne District Council (GDC) was concerned that its systems weren't adequately protected.
Having witnessed a number of major New Zealand public sector institutions suffer costly cyber breaches, the Council’s Information Technology team leader, Peter Moore, appreciated the need for dedicated cybersecurity expertise, but lacked the capacity or budget for it.
"With everything the IT department needs to do, there wasn't a sufficient focus on security. After all, we can't afford a dedicated Network Operations Centre and we can't afford assigning a person 24/7 to detecting and assessing rapidly emerging threats. As it is, many of our team members are already working long hours.” he says.
Right-sizing security for the underserved middle
Aware that the ‘medium market’ isn't well served by security solutions providers, Moore says SSS came to his attention.
"We tend to be at the lower end of the scale in terms of the coverage required. But a colleague recommended SSS as offering a shared solution which was right-sized, affordable, and delivering comprehensive protection.”
That solution was Scouter™, a shared managed detection and response service that provides comprehensive, round-the-clock expert cybersecurity, both on-premises and in cloud environments, for around the cost of a single full-time employee.
Comprehensive, hands-off flexibility
Moore cites that comprehensive, yet flexible, coverage of on-premises and cloud assets as a key factor. "There's a lot of flexibility with Scouter™, which means we can choose what to monitor. SSS worked with us to identify and prioritise high value information sources to monitor. Scouter™ then collates information from each source, providing a complete view over all our technology. That includes firewalls, switches, servers, and other devices, all of which would have been disparate.”
Moore says there’s an element of 'set and forget’ with Scouter™. “Once established, we know there is round-the-clock monitoring and detection, and that brings a lot of comfort.” he says
"We also get a lot of value from the automated vulnerability scans. You may think you've patched a critical vulnerability, but it's not uncommon for a PC to be turned off, or a laptop disconnected from the network, when updates are rolled out. All it takes for a compromise is one machine. Constant scans from Scouter™ means we don't have to identify that machine – it's done for us.”
Backed by SSS, Moore says his team now spends less time on cybersecurity. "It reduces 'busy work' and gives time back to my team. Instead, we're focused on value-adding tasks, and we're more proactive and less reactive while confident that we're more secure, with better visibility and comprehensive reporting. It's quite comforting, really."
Revealing threat reality
Scouter™ quickly revealed to the Council just how real the threats it was facing are …and that they are happening all the time.
On average, the GDC experiences 90,000 probing attempts monthly, including 4,500 attempted logins, and 200 confirmed attacks. They also filter approximately 100,000 spam emails, with around 30,000 phishing attempts.
Asked if Scouter’s reporting has delivered any interesting insights since going live, Moore’s response was: "Interesting? More like mildly terrifying. I'm relatively new to the security space. I knew these threats were out there, but it's quite astonishing to see just how many attempts there are to get into your networks.”
But he cites Peter Drucker’s famous quote 'If you can't measure it, you can't manage it'. "Well now I can do both.” he says.
Finally, he has a warning for those who feel they aren't being targeted by hackers: "If you're not seeing daily attacks, you have a blind spot."
