Manchester Airport Group (MAG), the U.K.’s largest airport group has stepped up protection against cyber attacks by bringing its security operations center (SOC) in-house.
MAG, which serves more than 60 million passengers annually across Manchester, London Stansted and East Midlands airports, needed a more cost-efficient and effective way to strengthen its security operations and safeguard the business from increasing cyber threats. Working in partnership with independent cybersecurity services company, Bridewell Consulting, the group transitioned from an outsourced to in-house SOC model, increasing real-time activity monitoring on devices and servers from 5,000 to 80,000 events per second.
MAG now benefits from faster, more comprehensive and accurate threat detection and response, with the ability to see and shut down threats within hours. Furthermore, 95% of all servers and devices are now visible to the SOC compared with 70% in the previous model, providing enhanced protection to the company’s 5,000 employees and over 40,000 people who work on-site.
Bridewell began the project with an eight-week pilot scheme hybrid SOC, funded by Microsoft, before scaling to a full-sized in-house model. With a significant percentage of MAG’s staff furloughed due to the pandemic, Bridewell provided a dedicated SOC analyst to help upskill team members, resulting in significant costs savings on training.
“We take cyber security extremely seriously, which is why we wanted to strengthen our defences and gain better autonomy over our protection,” said Tony Johnson, Head of Cyber Security Operations at MAG. “We had the technical capabilities but wanted a partner that had done this before and knew Bridewell had the relevant experience in our sector. The team worked through the pandemic to create and implement the new solution which cuts through the noise to give us an accurate view of our IT estate. We’re now very confident that we’re delivering a better service and can already see the positive outcomes.”
The new model hardens MAG’s defences against the growing scale of cyber attacks against critical national infrastructure (CNI) and the aviation sector in the wake of the pandemic. The biggest impact so far has been against phishing attacks on employees, which have increased over the last 12 months. Replacing cumbersome manual methods, the new solution automatically detects a phishing attempt and checks that nobody has clicked the link, before removing the threat from inboxes across the organization.
According to Bridewell research, aviation is one of the most targeted CNI sectors by cyber criminals with nearly half (45%) of aviation organizations witnessing an increase in cyber attacks since the start of the pandemic. The majority (88%) have detected cyber attacks on their Operational Technology (OT) or Industrial Control Systems (ICS) in the last 12 months, with 95% of these encountering at least one successful attack.
Bridewell was one of the first organizations to be awarded accreditation on the U.K. Civil Aviation Authority’s ASSURE scheme, which aims to protect the U.K. aviation industry against the growing cyber threat.