BBC discusses the true cost of phishing prevention

Avoiding future phishing attacks requires smart people and expensive technology to analyse server logs, David Jones, head of security at the BBC

Avoiding future phishing attacks requires smart people and expensive technology to analyse server logs says David Jones, head of security at the BBC.

In his keynote presentation at InfoSecurity Europe 2014, Jones discussed how the organisation handled an attack by the Syrian Electronic Army.

Following the attack, he said: "We ran a rewind session, and took time and effort to start to design remediation."

He admitted that most of the work involves pattern matching. "It requires very smart people and expensive technology. For incident management you have to manage logs so storing and retaining logs is absolutely key."

The BBC has outsourced a large amount of IT, and Jones said it was extremely important to involve outsourcer in tackling an attack and the post-mortems.

The BBC also has an incident commander who can make quick decisions and is the main contact to work with the external affairs team.

He said: "We work with colleagues and third parties to understand our environment and have very thorough service mapping." Keeping secure is both a technological and human issue, he added.

"Normally support is not always there so it is important to understand weak points."

He urged delegates to avoid blame culture especially in situations where people have tried to act in the best interest of the organisation.

To combat future attacks, Jones said the BBC has created a flag pole. "This enables us to say we have a phish attack and we can block the phishing attack domain, then set a search to delete phishing messages from inboxes." While such an approach works on desktops and laptops, Jones said it is still necessary to in touch with mobile users, as mobile devices are generally outside the control of corporate IT.

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.