Security at work
A few months ago a service provider that uses our service had a major security incident. We became aware of it through a news article. If a keen-eyed observer hadn't spotted it we'd have been non-the-wiser.
Our information security team got right down to business. They increased focus on the potentially affected services and immediately started asking if we could take the service down for that customer. We had no information to support that decision and the relationship manager was engaged to find out more information. After a couple of hours we hadn't heard anything so gave them an ultimatum: we would shut down the service in one hour if they didn't start providing the information we needed. That got their attention and within twenty minutes the information security team were on a call with them finding out about the nature of the incident and if it had been contained etc etc. What it was I'll never know - it was only shared on a need-to-know basis.
Fortunately, the nature of the incident meant that it was unlikely that we would have been affected. However, passwords were reset and they were reminded of obligations in the customer agreement to inform us of any incidents.
Meanwhile, our security service providers were updated on the nature of the attack so they could monitor and hopefully prevent it.
It was fascinating, and a privilege, to see the information security team in action. They practice for events like this and the result is a professional response that we can only be proud of.
- Previous: Expiring entities
- Next: Service improvement
