Avoiding future phishing attacks requires smart people and expensive technology to analyse server logs says David Jones, head of security at the BBC.
Following the attack, he said: "We ran a rewind session, and took time and effort to start to design remediation."
He admitted that most of the work involves pattern matching. "It requires very smart people and expensive technology. For incident management you have to manage logs so storing and retaining logs is absolutely key."
The BBC has outsourced a large amount of IT, and Jones said it was extremely important to involve outsourcer in tackling an attack and the post-mortems.
The BBC also has an incident commander who can make quick decisions and is the main contact to work with the external affairs team.
More articles fro InfoSecurity Europe 2014
He said: "We work with colleagues and third parties to understand our environment and have very thorough service mapping." Keeping secure is both a technological and human issue, he added.
"Normally support is not always there so it is important to understand weak points."
He urged delegates to avoid blame culture especially in situations where people have tried to act in the best interest of the organisation.
To combat future attacks, Jones said the BBC has created a flag pole. "This enables us to say we have a phish attack and we can block the phishing attack domain, then set a search to delete phishing messages from inboxes." While such an approach works on desktops and laptops, Jones said it is still necessary to in touch with mobile users, as mobile devices are generally outside the control of corporate IT.