3 building blocks for secure innovation

How VARIO AG used a ransomware attack to achieve a very high level of maturity in IT security with 3 support modules

How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?

In this success story from Hendrik Schneider, the authorized representative and successor at VARIO AG, the company reached a very high level of maturity in terms of IT security within a short period of time after a ransomware attack. This was achieved through a three-pronged support approach on our part - and the enormous commitment of Mr. Schneider and his team.

Table of Contents


VARIO Software AG produces ERP software for SMEs and advises companies in this context. VARIO has been an owner-managed company for 30 years and serves more than 10.000 customers in the DACH region. The son of the founder Ralf Schneider - Hendrik Schneider - has been the authorized representative and successor for the family business since 2021, which now has around 90 employees.

Hendrick Schneider
Authorized representative and successor

Hendrik Schneider is an entrepreneur through and through: He is all about driving digitalization and innovation in the family business. He is very aware of his great responsibility for the company, employees and customers and therefore consistently thinks about the issue of security. Here he is a perfectionist: There is no such thing as “It’s ok, we’re good enough!” with him. Mr. Schneider knows that attackers are constantly upgrading and therefore does not tolerate any standstill when it comes to expanding his own IT security.

The challenges

Mr. Schneider contacted us after VARIO AG fell victim to one Ransomware attack had become. Although the company was able to successfully restore the affected systems itself, it wanted to give the topic of IT security even greater importance after this experience.

Continue reading?

The most pressing questions for Mr. Schneider at this point were: Through which vectors are we vulnerable at our current level? What safety aspects have we perhaps overlooked so far? Do our security measures stand up to an acid test?

An additional challenge was that... Position of IT manager newly filled became. The IT manager was technically very fit, but was just growing into the new role of a team leader.

Our solutions

We ran one at first initial penetration test in order to be able to provide well-founded information on the current level of maturity of IT security. We found some vulnerabilities and security aspects that had not previously been considered.

We initially supported the expansion of cyber resilience Support and knowledge transfer in vulnerability managementin order to free up internal company resources for processing the findings.

A retest already showed enormous progress and a high level of maturity in terms of IT security. In order to be able to implement further projects and optimizations even more efficiently in the future, we added two additional modules to our collaboration:

  1. Building a custom fit ISMS for structured and reliable security management
  2. Regular appointments with IT manager for support and Coaching in the area of ​​team leadership


At the same time, we have joint “Hacking evenings“carried out to test new VARIO developments live from the attacker’s perspective and to put security measures to the test.

The result

Retests after the initial penetration test each time showed great progress in VARIO AG's cyber resilience. Through coaching in the area of ​​team leadership and support in the operational area with vulnerability management, development projects in the company were able to be implemented promptly and successfully. New developments in other areas of the company could be secured from the outset under IT security aspects (shift-left approach). The structuring of processes and documentation not only advanced the security of VARIO AG, but also the efficiency of the entire IT.

Start your own success story!
What are your challenges in expanding your IT security?
Schedule a Personal Consultation
More success stories
Time pressure & outsourcing

How do you manage to secure a project reliably under enormous time pressure and an outsourcing rate of over 80% so as not to endanger the parent company?

Table of Contents