Manchester Airport Group (MAG), the UK’s largest airport group serving more than 60 million passengers annually across Manchester, London Stansted and East Midlands airports, has brought its security operations centre (SOC) in-house to safeguard the business from increasing cyber threats.
Working in partnership with independent cyber security services company, Bridewell Consulting, the group transitioned from an outsourced to in-house SOC model, increasing real-time activity monitoring on devices and servers from 5,000 to 80,000 events per second.
MAG now benefits from faster, more comprehensive and accurate threat detection and response, with the ability to see and shut down threats within hours. Furthermore, 95 per cent of all servers and devices are now visible to the SOC compared with 70 per cent in the previous model, providing enhanced protection to the company’s 5,000 employees and over 40,000 people who work on-site.
Bridewell began the project with an eight-week pilot scheme hybrid SOC, funded by Microsoft, before scaling to a full-sized in-house model. With a significant percentage of MAG’s staff furloughed due to the pandemic, Bridewell provided a dedicated SOC analyst to help upskill team members, resulting in significant costs savings on training.
“We take cyber security extremely seriously, which is why we wanted to strengthen our defences and gain better autonomy over our protection,” says Tony Johnson, Head of Cyber Security Operations at MAG.
“We had the technical capabilities but wanted a partner that had done this before and knew Bridewell had the relevant experience in our sector. The team worked through the pandemic to create and implement the new solution which cuts through the noise to give us an accurate view of our IT estate. We’re now very confident that we’re delivering a better service and can already see the positive outcomes," Johnson adds.
The new model hardens MAG’s defences against the growing scale of cyber attacks against critical national infrastructure (CNI) and the aviation sector in the wake of the pandemic. The biggest impact so far has been against phishing attacks on employees, which have increased over the last 12 months. Replacing cumbersome manual methods, the new solution automatically detects a phishing attempt and checks that nobody has clicked the link, before removing the threat from inboxes across the organisation.
According to Bridewell research, aviation is one of the most targeted CNI sectors by cyber criminals with nearly half (45%) of aviation organisations witnessing an increase in cyber attacks since the start of the pandemic. The majority (88%) have detected cyber attacks on their Operational Technology (OT) or Industrial Control Systems (ICS) in the last 12 months, with 95 per cent of these encountering at least one successful attack.
“Aviation is heavily targeted by cyber criminals so it’s imperative that organisations in the sector are at the top of their game when it comes to identifying, mitigating and responding to threats,” says Scott Nicholson, Co-CEO at Bridewell Consulting. “Manchester Airport Group takes these threats extremely seriously and we are proud to have helped it build a robust and resilient solution that will protect it from the ever-evolving range of cyber threats," he adds.
Bridewell was one of the first organisations to be awarded accreditation on the Civil Aviation Authority’s ASSURE scheme, which aims to protect the UK aviation industry against the growing cyber threat.