Comprehensive IT security audit at Versorgungswerk der Zahnärztekammer Berlin (VZB)
by Tina Siering
Successful cyberattacks can have serious consequences for organizations of all sizes and industries - for example, a complete systems failure due to a ransomware attack, combined with data encryption and high ransom demands from cybercriminals. The "Versorgungswerk der Zahnärztekammer Berlin" (VZB for short) is the professional pension fund of dentists for the chamber areas of Berlin. To close any existing IT security gaps, to sensitize its own employees to security risks and, in principle, to be prepared for a possible worst-case scenario, VZB commissioned Allgeier secion with a three-part IT security audit.
First, the pentesting experts used a black box audit to examine the VZB's infrastructure for vulnerabilities and IT security gaps. The testers had hardly any information about the IT systems to be audited, so the audit was conducted under the same conditions that real cybercriminals would face. The aim of this procedure was to see the organization from the outside as an attacker would, to detect existing security risks in the systems and then to test them using targeted attack scenarios. In the subsequent social engineering audit, the IT security consultants attempted to exploit the "human vulnerability" through social manipulation and to persuade VZB employees to disclose sensitive information such as passwords.
At the recommendation of the security experts from Hamburg, the comprehensive IT security review was concluded with an organizational audit that focused on VZB's "Incident response readiness strategy." The pension fund's existing process and behavior plans for a compromise of its systems were analyzed, optimized and laid down in a dedicated emergency plan. After all, in the event of a successful cyberattack, fast and precise action is required!