Martin Baur GmbH is a service provider in the transport, building materials, stone and earth industries and is competitively positioned nationally and internationally as a freight forwarder for cargo transport, part load transport & general cargo. The medium-sized family business with headquarters in Binzwangen in the district of Biberach employs around 200 people. Today, it is already managed by the third generation and was founded in 1938. At that time, Martin Baur and his younger brother started to transport long timber from the forest to sawmills and railroad stations in the region with the help of horse-drawn carts. Today, the wide range of services and the size of the company ensure that it is well known throughout southern Germany.
The internal perpetrator pentest gave those responsible for the project at Martin Baur GmbH a comprehensive picture of all processes and protective measures in the area of IT security. Whereas the company had previously had the serious experience of "real" cybercriminals successfully exploiting vulnerabilities in the network, the internal perpetrator simulation subsequently served as an IT security check:
After cleaning up and increasing the security level, it was checked to what extent and to what degree the company was now in a position to better detect and ward off potential attacks in the future. As part of the security audit, the IT security specialists took on the role of an internal perpetrator who tries to penetrate other network areas and extend authorizations as far as possible. In other words, precisely those areas that had previously been successfully compromised. It was examined when the internal IT department became aware of the activities of the "intruder", whether existing security processes were sufficiently effective or whether all security-related standards were also implemented by all employees.
The final, detailed documentation of results with concrete recommendations for action enables the company to successively implement improvement measures, close security gaps and thus increase the resilience of the IT systems. The phishing campaign was also able to significantly increase the sensitivity and IT security awareness of all employees once again: All colleagues now use their e-mail inboxes even more critically and vigilantly.
"The successful cyber attack has led us to the realization that it can affect anyone! It is now also important for us to take a critical external look at our IT security measures. With Allgeier secion, we feel we are in very good hands in this regard. The cooperation was very professional and very pleasant, everything was optimally organized and involved a manageable amount of work for us. In addition, the agreed cost and deadline framework was adhered to, which is also very important to us. For us, one thing is certain: IT security must be lived and constantly developed. After the successful project kick-off, we are planning to carry out another pentest with Allgeier secion in two to three years and can only warmly recommend the company!"