Case Study by Andres Agudelo – Senior Manager Cyber Security and Information, Australian Community Support Organisation.
The Background
Australian Community Support Organisation (ACSO) is a not-for-profit that works to strengthen our communities' wellbeing by advocating for and delivering services that divert people away from the justice system.
Our 500 employees work across various teams, from finance, technology, people and culture and strategy in business services, to our invaluable operations teams with skillsets across mental health, alcohol and other drugs, disability residential support, and more. We also have many caseworkers – they're our frontline in New South Wales, Victoria and Queensland – and they usually work offsite on mobile devices and laptops that we provide.
With such diversity in roles, it's understandable that not all of our workforce is tech-savvy, which presents risks. These risks are amplified when employees have to access our systems and network from outside organisational boundaries, either to deliver client services or as a consequence of events like the COVID-19 pandemic.
In addition to our workforce, our external clients and different agencies access services via our website and Case Management Systems. Some employees come into our offices to do this via our internal network, and others access our website and our services online from their own devices.
The Goal
Having identified these inherent risks to our security, along with the growing number of cyber-attacks in general, we wanted to engage an information security partner that we could count on.
We wanted to gain a deep understanding of users' behaviours – how they do things via our network and the potential threats these behaviours place on our infrastructure.
In essence, we needed a Security Information and Event Management (SIEM) platform that would enable us to know what was happening behind the scenes. We needed to receive expert advice that would allow us to remediate any vulnerabilities in a timely fashion.
We can always learn how to use the available security tools, but having that security and human expertise on-call gives us confidence because we know there's always someone there when we need them.
The Selection Process
The Missing Link was recommended to me by friends and colleagues. I had also met their CEO at a conference, and following that meeting, we'd connected on LinkedIn, so I felt confident about their expertise. Nevertheless, before appointing them, I did my research - I checked their testimonials and reviews, and I invited them to submit proposals along with other competing vendors.
The Missing Link provided the most comprehensive proposal, and they supported it by demonstrating their platform and showing me the types of insights it would give me. It was a no-brainer. I took them on.
The Relationship
Implementing a SIEM platform with The Missing Link has been a straightforward, smooth process. We had a few exploratory meetings over two or three months, and after that, things came together really quickly.
At the same time that we were working with The Missing Link, we were working on other projects to implement the ASD Essential 8 to mitigate the risk of cyberattacks – as the Government funds us, we're mandated to have these measures in place. Multi-factor identification and VPN usage were proving difficult, and we were fortunate that The Missing Link stepped in and helped us achieve this, even though it was outside their scope of work. They also helped us to improve the visibility of our network from inside and outside the organisation.
As a result of the SIEM platform, our understanding of our network and users' behaviours is far better than ever. We can monitor traffic on our servers, website and apps, and our VPN. We became aware of and were able to close down accounts that should no longer have access to our system and control communication with external servers. We've also been able to remediate issues identified by The Missing Link with effective security solutions.
The Difference
The Missing Link gives me access to dashboards with insights and analytics at the click of a button. This is really valuable - I can see where attack threats are coming from in real-time, request remediation advice, and control the use of our website and applications.
For the first time, I can quickly and easily download reports to demonstrate our security compliance, as needed and sorted by different KPIs, security standards and more. Before The Missing Link's SIEM platform, I had to pull these together from multiple locations manually.
Our SIEM platform gives us a significant advantage at an organisational level – we now have a big picture of user behaviours and what is happening on our network in real-time, 24/7. This enables us to identify and mitigate potential issues proactively - it's a real win for us.