3 building blocks for secure innovation

How VARIO AG used a ransomware attack to achieve a very high level of maturity in IT security with 3 support modules

How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?

In this success story from Hendrik Schneider, the authorized representative and successor at VARIO AG, the company reached a very high level of maturity in terms of IT security within a short period of time after a ransomware attack. This was achieved through a three-pronged support approach on our part - and the enormous commitment of Mr. Schneider and his team.

VARIO AG

VARIO Software AG produces ERP software for SMEs and advises companies in this context. VARIO has been an owner-managed company for 30 years and serves more than 10,000 customers in the DACH region. The son of the founder Ralf Schneider - Hendrik Schneider - has been the authorized representative and successor for the family business since 2021, which now has around 90 employees.

Hendrik Schneider
Authorized representative and successor

Hendrik Schneider is an entrepreneur through and through: He is all about driving digitalization and innovation in the family business. He is very aware of his great responsibility for the company, employees and customers and therefore consistently thinks about the issue of security. Here he is a perfectionist: There is no such thing as “It’s ok, we’re good enough!” with him. Mr. Schneider knows that attackers are constantly upgrading and therefore does not tolerate any standstill when it comes to expanding his own IT security.

The challenges

Mr. Schneider contacted us after VARIO AG had fallen victim to a ransomware attack. Although the company was able to successfully restore the affected systems itself, it wanted to give the topic of IT security even greater importance after this experience.

The most pressing questions for Mr. Schneider at this point were: Through which vectors are we vulnerable at our current level? What security aspects have we perhaps overlooked so far? Do our security measures stand up to an acid test?

An additional challenge was that the position of IT manager had been newly filled. The IT manager was technically very fit, but was just growing into the new role of a team leader.

Our solutions

We first ran an initial penetration test in order to be able to provide well-founded information on the current level of maturity of IT security. We found some vulnerabilities and security aspects that had not previously been considered.

We initially supported the expansion of cyber resilience with support and knowledge transfer in vulnerability management in order to free up internal company resources for processing the findings.

A retest already showed enormous progress and a high level of maturity in terms of IT security. In order to be able to implement further projects and optimizations even more efficiently in the future, we added two additional modules to our collaboration:

  • Building a custom-fit ISMS for structured and reliable security management
  • Regular appointments with the IT manager for support and coaching in the area of team leadership

At the same time, we held joint "hacking evenings" to test new VARIO developments live from the attacker's perspective and to put security measures to the test.

VARIO also used our Junior Penetration Tester Course to train two employees in the field of offensive security. This means that VARIO now has the opportunity to train the attacker perspective and derive important measures from it.

Overview of the 3 components of our solution for VARIO:

  1. Penetration tests to uncover existing vulnerabilities and validate measures
  2. Development of a tailor-made ISMS for reliable security management
  3. Staff expansion through:
    1. Coaching in the area of vulnerability management
    2. Coaching in team leadership for more efficiency
    3. Further training in the area of offensive security in order to use the attacker perspective internally
    4. Hacking evenings to test new developments

The result

Retests after the initial penetration test each time showed great progress in VARIO AG's cyber resilience. Through coaching in the area of team leadership and support in the operational area with vulnerability management, development projects in the company were able to be implemented promptly and successfully. New developments in other areas of the company could be secured from the outset under IT security aspects (shift-left approach). The structuring of processes and documentation advanced not only the security of VARIO AG, but also the efficiency of the entire IT.
