Home Cyber Crime Fight or flight: How one of the UK’s busiest airports defends against...

Fight or flight: How one of the UK’s busiest airports defends against cyber-attacks


Manchester Airport Group’s Tony Johnson reveals prime menace to the sector – and it may not be what you’d count on

Fight or flight: How one of the UK's busiest airports defends against cyber-attacks

INTERVIEW Hacking an airport conjures psychological photographs of Bruce Willis blockbusters, hijacked planes, and a moody hacker-in-a-hoody wreaking havoc from some undisclosed location.

However in actuality, securing the networks of one of many UK’s busiest airports is rather less Hollywood.

“It’s not prefer it seems within the motion pictures,” Tony Johnson, head of safety operations at Manchester Airport Group (MAG), tells The Day by day Swig.

“Don’t get me flawed. We get some extremely refined trying phishing campaigns – you recognize, a few of them land [in my inbox] and even I’m hovering over it as a result of it seems legit and I’m not 100% positive.

“However of the common form of day-to-day threats, I assume the most important one which we see most frequently is phishing as a result of it’s such a straightforward win for attackers.

“It’s absolutely automated, they haven’t obtained someone sitting there in a darkish basement making an attempt to get into the environment, and it’s a straightforward one you could simply push throughout to thousands and thousands of recipients in a second. In order that’s the massive one which we’re managing.”

Nearly 30 million passengers travelled through Manchester Airport in 2019Almost 30 million passengers travelled by way of Manchester Airport in 2019

As anybody who works in menace prevention will know, defending in opposition to assaults is commonly simpler mentioned than finished – particularly at a big enterprise or organization.

MAG, which manages Manchester Airport, East Midlands Airport, and London Stanstead Airport, has an estimated 40,000 workers working throughout these totally different areas.

MUST READ Making justice secure again: How New Jersey Courts tackled the rush to remote working at the start of the Covid-19 pandemic

To cut back the danger of profitable social engineering assaults, the group’s safety operations middle (SOC) gives what it calls ‘nano coaching’ – a collection of brief tutorials – on a month-to-month foundation.

“They’re tiny, chunk sized, and web-based – it often takes two minutes to do, and we’re continuously reinforcing all the pieces.

“In order that’s considering earlier than you click on, occupied with spam, are you positive that is the particular person they declare to be, and issues like GDPR and knowledge safety.

“It’s that broad spectrum of potential dangers to the group by way of cyber-attacks.”

Read more of the latest news about phishing attacks

He additionally reiterates to colleagues: “In the event you’re unsure, ask.”

Johnson mentioned that though the coaching will not be obligatory, there’s robust uptake because of the simplicity of the fabric.

He mentioned: “I feel it was a deliberate resolution to not make it obligatory as a result of [when it does], it form of turns into a little bit of a chore.”

The biggest threat to airports is phishing campaigns, says JohnsonThe most important menace to airports is phishing campaigns, says Johnson

Transferring goal

Lately, important nationwide infrastructure together with airports have grow to be an more and more engaging goal for hackers.

Whereas buyer knowledge is a possible large earner for cybercriminals, Johnson mentioned that he believes attackers are primarily simply making an attempt to achieve perception into the organizations’ networks.

“In my view, what they’re making an attempt to do is get a foothold,” he mentioned.

“In the event that they get a foothold, they get a dealing with in your group, they could by no means select to make use of that. But it surely’s fairly attainable that after they’ve obtained that, the very first thing they’ll do is go straight out onto the dark web and see if anyone else has any curiosity in a foothold in group X.

“I feel that largely it’s about making an attempt to get that connection. And if we [the SOC] weren’t paying consideration, you recognize, you’d be amazed what they will get away with.”

“It comes right down to the truth that we’re a part of the UK important nationwide infrastructure and we’re a pleasant goal by way of, in the event you can cease planes taking off, you’re going to get on the information,” he mentioned, including that “getting their identify on the market” is an enormous motivator for worldwide cybercrime models.


MAG lately accomplished the migration all of its cybersecurity operations from exterior administration to in-house management.

Johnson defined that along with a cost-saving bonus, the brand new staff has higher visibility over its network and has been in a position to streamline insurance policies and procedures for the group.

When requested whether or not the group deliberate to undertake such an effort attributable to decreased visitors ranges attributable to the coronavirus pandemic, Johnson mentioned the timing was merely unintended.

“It was a coincidence, however it was additionally a contented coincidence,” he informed The Day by day Swig.

READ Bad education: Universities struggle to defend against surging cyber-attacks during coronavirus pandemic

That they had already determined to maneuver in-house as soon as a cope with the earlier third-party supplier had come to an finish, which occurred to coincide with the journey restrictions put in place.

MAG spoke to colleagues at one other airport who had labored with safety consultants Bridewell, who have been introduced in to supervise the change.

With the assistance of Bridewell, MAG carried out new measures and protections together with a migration to the Microsoft Safety Stack.

Johnson mentioned they “closely invested” within the software program and might now push round 80,000 knowledge occasions per second.

The organization manages multiple airports across the UKThe group manages a number of airports throughout the UK


Fortunately, because of the decrease quantity of foot and air visitors on premises, the transfer was maybe smoother than thought.

“The place we had some benefits is issues like 200 servers that have been going to want a reboot.

“[Before the pandemic] that may have been a logistically actually complicated course of to undergo since you’ve obtained to slot in with passenger flows.

“It could have [previously] taken weeks to prepare enterprise downtime.

“The very nice factor is it did imply that we may massively speed up this system by way of simply getting it deployed.”

YOU MAY LIKE Aaron Portnoy – ‘There’s no silver bullet for ransomware or supply chain attacks’

Source link