In the wake of a severe cyber attack that temporarily crippled Suncor, an incident that sent shockwaves through the oil and gas industry, the Canadian Cyber Partnership issued alerts and guidance, highlighting the vulnerability inherent within the sector
As a result, a leading Canadian natural gas company (a CoreView customer), paying close attention to the unfolding situation, recognized the need to enhance their cybersecurity stance. This recognition came from understanding their position in the same industry as Suncor.
Although Suncor is not affiliated with CoreView, the incident motivated the Canadian company to undertake thorough audits of their Microsoft Exchange mailboxes. This proactive measure was taken to identify and address potential security exposure points, thereby strengthening their defenses against the possibility of a similar cyber threat.
"CoreView’s audit capabilities made the incident response process effortless. In minutes we were able to rapidly zero in on critical data that would normally take weeks to uncover."
While an audit of this nature could take days or weeks, the IT team did it in minutes using the Microsoft 365 audit tools from CoreView. They quickly identified risk areas and began taking countermeasures.
The first step for assessing the organization’s risk level was to locate all emails that any of their team had recently sent to Suncor during the cyber attack. Then, they needed to pinpoint who sent them and when. With CoreView’s Microsoft 365 audit tools, this entire process became easy, allowing the organization to conduct the audit in minutes.
“CoreView’s audit capabilities made the incident response process effortless. In minutes we were able to rapidly zero in on critical data that would normally take weeks to uncover,” a spokesperson for the organization said.
They then followed up on their internal email accounts to ensure no security breach occurred.
After the audit, upper management was still concerned about a potential breach and asked the IT team to take further action. Using CoreView’s Guest Accounts report, the team searched for guest account activity in Microsoft 365 from the originally affected company.
They then filtered the data to identify any suspicious M365 accounts. Then, within the report, the team removed all Microsoft 365 guest accounts and blocked their M365 credentials in bulk.
The result? Effective incident response for Microsoft.
In the end, CoreView’s tools saved the company hours of response time during a critical moment. The platform empowered the company’s IT team to take proactive steps to ensure they did not suffer the same fate as the other company.