"We collect logs, but nobody looks at them."
COMPANY
Sector: Energy
Size: 120 employees
Location: Flanders
FACTS & FIGURES
Central log collection in place but no active monitoring
Intrusion went unnoticed for 3 months
Business Impact: Data exfiltration and regulatory impact
STORY
An energy company in Flanders had implemented centralized logging across its servers and firewalls. However, due to a lack of resources, nobody actively reviewed or analyzed the logs. When attackers breached a web server through an unpatched vulnerability, they maintained access for three months, exfiltrating sensitive contract data. All the evidence was visible in the logs, but without monitoring, the signals were missed.
INCIDENT OVERVIEW
Logs are only valuable if someone looks at them. Collecting data without analysis creates an illusion of security. Attackers often leave traces (failed logins, unusual access times, large data transfers, and so on), but these clues are meaningless if no one acts on them. In this case, the absence of monitoring turned what could have been a quickly contained intrusion into a prolonged compromise, illustrating how passive security controls are no security at all.
BUSINESS IMPACT
Long-term attacker presence (dwell time)
Loss of sensitive contractual data
Regulatory scrutiny and fines
SECURITY MEASURES
Implement SIEM solutions with alerting
Assign responsibility for log review and escalation
Regularly test detection capabilities
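
As an added illustration (not part of the original case study), the Python example below scans log lines for the three traces named in the incident overview: failed logins, unusual access times, and large data transfers. The log format, field names, sample lines, and thresholds are all assumptions constructed for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines; the key=value format and field names are assumptions.
SAMPLE_LOGS = """\
2024-03-04T09:12:01 web01 auth result=ok user=jdoe src=10.0.0.15
2024-03-05T02:41:10 web01 auth result=fail user=admin src=203.0.113.7
2024-03-05T02:41:12 web01 auth result=fail user=admin src=203.0.113.7
2024-03-05T02:41:15 web01 auth result=fail user=root src=203.0.113.7
2024-03-05T02:43:30 web01 auth result=ok user=svc_web src=203.0.113.7
2024-03-05T03:05:44 fw01 flow src=10.0.0.20 dst=198.51.100.9 bytes_out=734003200
2024-03-05T10:30:00 fw01 flow src=10.0.0.15 dst=192.0.2.10 bytes_out=48211
this line is malformed and must not stop the scan
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (auth|flow) (.*)$")

def parse(line):
    """Return a dict for a well-formed line, or None so bad input is skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(4).split() if "=" in kv)
    return {**fields, "ts": ts, "host": m.group(2), "type": m.group(3)}

def detect(text, max_fails=3, work_hours=range(7, 19), max_bytes=500_000_000):
    """Return (rule, detail) alerts for the three signals; thresholds are examples."""
    events = [e for e in map(parse, text.splitlines()) if e]
    fails = Counter(e["src"] for e in events
                    if e["type"] == "auth" and e.get("result") == "fail" and "src" in e)
    alerts = [("failed_logins", f"{src}: {n} failures")
              for src, n in fails.items() if n >= max_fails]
    for e in events:
        if e["type"] == "auth" and e.get("result") == "ok" and e["ts"].hour not in work_hours:
            alerts.append(("off_hours_login", f"{e.get('user')} from {e.get('src')} at {e['ts']}"))
        if e["type"] == "flow" and e.get("bytes_out", "").isdigit() and int(e["bytes_out"]) > max_bytes:
            alerts.append(("large_transfer", f"{e.get('src')} -> {e.get('dst')}: {e['bytes_out']} bytes"))
    return alerts

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_LOGS):
        print(f"ALERT {rule}: {detail}")
```

Replaying a known-bad sample like this through the rules on a schedule is one simple way to confirm that alerting still fires, in line with the measure on testing detection capabilities.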