MAG brings cyber-security operations in-house

The new system is hoped to improve visibility and prevent cyber-attacks 

Manchester Airport Group (MAG) has implemented new security operations to protect itself against possible cyber-attacks.  

Working alongside cyber security firm, Bridewell Consulting, the organisation has transferred its operations to an in-house team rather than an external security operations centre (SOC) model.  

MAG
Photo MAG

Tony Johnson, head of cyber security operations at MAG, stated that the airport group wanted to “gain better autonomy” over the company’s protection.  

He said: “The team worked through the pandemic to create and implement the new solution which cuts through the noise to give us an accurate view of our IT estate. We’re now very confident that we’re delivering a better service and can already see the positive outcomes.” 

Scott Nicholson, co-CEO at Bridewell Consulting, added: “Aviation is heavily targeted by cyber criminals so it’s imperative that organisations in the sector are at the top of their game when it comes to identifying, mitigating and responding to threats.” 

“Manchester Airport Group takes these threats extremely seriously and we are proud to have helped them build a robust and resilient solution that will protect them from the ever-evolving range of cyber threats.” 

According to the company, MAG is now able to take advantage of more accurate threat detection and response, with 95% of all servers now visible to the SOC compared to 70% beforehand.  

Prior to the new system’s implementation, the security firm trialled the platform with an eight-week proof-of-concept hybrid, before upscaling to the full-sized model.  

Phishing attacks on employees has increased over the past year, Bridewell said. With its new solution, these attempts can be detected before staff are able to click on unwanted links in their email inbox.  

Research conducted by the company found that 88% of aviation organisations have experienced cyber-attacks on operation technology or industrial control systems over the last 12 months.