How regular appointments enable the findings to be processed quickly by an external service provider
If an employee's data ends up on the dark web, two things are crucial. First: checking the systems for indicators of compromise. Second: quickly resolving existing vulnerabilities to minimize the risk of compromise.
As managing director of Vogtmann-Herold+Co.GmbH, Mr. Cirener achieved both by commissioning us, in addition to a forensic analysis, to provide consulting for the efficient closure of vulnerabilities. In this success story we describe exactly how we did this and why Mr. Cirener was able to gain an important employee as a result.
Vogtmann-Herold+Co.GmbH is a company with 77 years of experience in mobility combined with emotionality and sustainability. The full-service provider to the automotive industry covers everything from workshops to leasing to vehicle construction.
Fritz Cirener
Executive Partner
Mr. Cirener has been managing director of Vogtmann-Herold+Co.GmbH for over four years. What sets him apart is that he knows the importance of IT security in a modern company and uses his position to initiate and pragmatically implement optimizations in this area.
The basis for this success story was a letter: Mr. Cirener received official information that an employee's data had emerged in a leak. The very acute question for us was: Can we find Indicators of Compromise (IoCs) in the network? Has the published data been exploited?
The resulting second question was: How well are we generally protected from cyber attacks in such and other scenarios?
For the second question in particular, we were able to build on a pentest that we had previously carried out for Vogtmann-Herold+Co.GmbH. The company had until then processed the findings from this assessment independently. Given the new urgency of the topic for the company, the desire arose to receive support in order to quickly minimize the risks.
One challenge was that Vogtmann-Herold+Co.GmbH had completely outsourced its IT to an external service provider at this point.
The credo of the assignment to us was: Find pragmatic solutions with us that we can implement quickly.
We first conducted a forensic analysis to thoroughly check all systems for indicators of compromise. We found no signs of compromise, so we were able to immediately start eliminating vulnerabilities.
In the solution strategy for risk minimization, we worked in parallel on two levels:
In regular meetings with the external service provider, we prioritized the findings and supported the provider in resolving them through knowledge transfer and project management.
In monthly status meetings with Mr. Cirener, we provided information about progress and blockers in order to facilitate communication between specialist service providers and management and, if necessary, to be able to obtain additional resources for IT in a timely manner.
The regular appointment structure put a certain amount of pressure, in a positive sense, on the IT service provider, so that all the findings from the first pentest could be resolved within a year (including the independent processing time at the beginning).
Mr. Cirener commissioned a retest to validate the results and provide a basis for further optimization. For him, the topic of IT security is now an integral part of his corporate strategy.
The employee of the external IT service provider who was responsible for supporting Vogtmann-Herold+Co.GmbH is now permanently employed by the company. This means that projects can be implemented more efficiently and the company benefits more sustainably from the knowledge transfer through ProSec.
How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?