Arts Centre Melbourne deploys MDR services to contain phishing incident

Arts Centre Melbourne has outlined how it successfully identified and contained a phishing incident using Arctic Wolf's managed detection and response (MDR) service, which was already deployed at the time of the attack, following an internal review that highlighted gaps in the organisation's cyber security monitoring.

A phishing email reached multiple staff members and, in one case, a user entered credentials before the issue was identified internally. Arctic Wolf monitored activity and flagged abnormal behaviour, according to the case study. The compromised account was isolated and the Arts Centre Melbourne team carried out remediation. The organisation reported no financial loss, no data compromise, and no interruption to performances or business operations.

The episode underscores the operational pressure on cultural institutions that handle large volumes of personal and payment data while operating extended hours. Arts Centre Melbourne describes itself as Australia's largest performing arts centre. It hosts Opera Australia, The Australian Ballet, Melbourne Theatre Company and the Melbourne Symphony Orchestra, alongside other local and international productions.

The case study says the organisation did not run an in-house security operations centre before engaging Arctic Wolf. A small IT infrastructure team managed day-to-day operations across a hybrid environment, supported by several security tools that did not provide a single, real-time view of alerts and risks.

This setup is common in many mid-sized organisations, where cyber security responsibilities sit with generalist IT teams. Tool sprawl can create noise rather than clarity. Separate dashboards and inconsistent alerting can slow triage, particularly outside business hours.

Monitoring model

Arts Centre Melbourne selected Arctic Wolf after evaluating several providers, citing local presence, integration options and continuous monitoring.

"We wouldn't be able to achieve the level of service and the 24x7 monitoring we receive from Arctic Wolf in-house," said Brett Caldwell, Head of IT Infrastructure at Arts Centre Melbourne.

Caldwell said security technology was already in place before adopting MDR, but limited integration and a lack of end-to-end visibility reduced its effectiveness.

"We just didn't have eyes on what we needed to within our IT environment," Caldwell said. "We knew we needed to get a service in place that would give us that visibility. Arctic Wolf delivered that for us."

Arctic Wolf's MDR service runs on its Aurora Platform, which the company says ingests and correlates data from endpoint, network, identity and cloud sources to provide a consolidated view of alerts and activity.

Time to deploy was also a factor. Caldwell described the implementation as quick given the complexity of the environment, including a large user base, third-party applications, and partner and patron data.

"We needed a quick, efficient, and effective solution," Caldwell said. "From initial kick-off to full implementation with Arctic Wolf, it took only eight days."

Alert triage

The case study also describes a shift in how the IT team receives and prioritises security information. Arctic Wolf filters and triages alerts and escalates items that are "timely and actionable", which Arts Centre Melbourne presented as a way to address capacity limits in its internal team.

"The detection and response pace of Arctic Wolf is vital," Caldwell said. "Like most organisations, our team just doesn't have capacity to sit there and try to detect everything."

Non-standard working hours were another driver for continuous monitoring. Arts Centre Melbourne said its systems run late into the night and on weekends, and cited sensitive patron information and financial records as part of its risk profile.

"While we're focused on keeping the lights on for the business, MDR fills our security operations gaps," Caldwell said. "Having eyes-on-glass 24x7 is not something we could achieve in-house."

Ongoing support

Beyond monitoring and incident response, the case study describes support from Arctic Wolf's Concierge Security Team (CST). Arts Centre Melbourne said the CST conducts security posture reviews and supports longer-term projects.

"It's been great having someone local who understands our market and unique challenges," Caldwell said.

The case study says this includes reviews of the organisation's environment and discussions about risk scores, vulnerability alerts and emerging threats. It also says Arctic Wolf alerted the organisation to some localised threats ahead of government cyber threat intelligence services.

"The CST always comes prepared to our meetings, with reports that outline the current state of our environment," Caldwell said. "It keeps our team's eyes open to issues and areas for improvement."

Caldwell compared the service to having additional in-house security resources during periods of heightened risk and remediation work.

"It's those sorts of scenarios where Arctic Wolf really helps - highlighting vulnerabilities we wouldn't otherwise see. It's almost like having a full security resource in-house," Caldwell said.

Arts Centre Melbourne said it is using the managed service model as part of a broader effort to lift its security posture and work towards Essential Eight compliance.

"Investing in a managed security service was a great decision for Arts Centre Melbourne," Caldwell said. "Detection and response capabilities are a non-negotiable and having that one dedicated team makes a major difference."