Customer
Martin Baur GmbH is a service provider in the transport, building materials, stone and earth industries and is competitively positioned nationally and internationally as a freight forwarder for cargo transport, part load transport & general cargo. The medium-sized family business with headquarters in Binzwangen in the district of Biberach employs around 200 people. Today, it is already managed by the third generation and was founded in 1938. At that time, Martin Baur and his younger brother started to transport long timber from the forest to sawmills and railroad stations in the region with the help of horse-drawn carts. Today, the wide range of services and the size of the company ensure that it is well known throughout southern Germany.
Challenge
In the past, "in the small rural company", IT managers used established security solutions, especially with a focus on prevention. However, a successful cyber attack led to the encryption of data and showed that firewalls and virus protection had unfortunately not been sufficient to adequately secure the IT system landscape.
The company had to realize that it is not a matter of company size to be a target of cyberattacks of such magnitude. After cleaning up and restoring the systems, permanently securing and increasing the company's own system protection remained at the top of the IT managers' agenda.
Solution
Martin Baur GmbH commissioned Allgeier secion to optimize the IT security level in order to be better positioned for future attack attempts. In a two-part test, technical vulnerabilities were to be identified, but the human factor was also to be considered as a possible point of attack in a cyber attack. In an internal perpetrator pentest, the IT security experts from Allgeier secion used the approach of real cyber criminals to simulate various attack patterns and thus identify technical vulnerabilities in the company's systems. Using a phishing campaign - one of the most common door openers for successful cyberattacks - the security awareness of all the company's employees was also tested.
Result
The internal perpetrator pentest gave those responsible for the project at Martin Baur GmbH a comprehensive picture of all processes and protective measures in the area of IT security. Whereas the company had previously had the serious experience of "real" cybercriminals successfully exploiting vulnerabilities in the network, the internal perpetrator simulation subsequently served as an IT security check:
After cleaning up and increasing the security level, it was checked to what extent and to what degree the company was now in a position to better detect and ward off potential attacks in the future. As part of the security audit, the IT security specialists took on the role of an internal perpetrator who tries to penetrate other network areas and extend authorizations as far as possible. In other words, precisely those areas that had previously been successfully compromised. It was examined when the internal IT department became aware of the activities of the "intruder", whether existing security processes were sufficiently effective or whether all security-related standards were also implemented by all employees.
The final, detailed documentation of results with concrete recommendations for action enables the company to successively implement improvement measures, close security gaps and thus increase the resilience of the IT systems. The phishing campaign was also able to significantly increase the sensitivity and IT security awareness of all employees once again: All colleagues now use their e-mail inboxes even more critically and vigilantly.
"The successful cyber attack has led us to the realization that it can affect anyone! It is now also important for us to take a critical external look at our IT security measures. With Allgeier secion, we feel we are in very good hands in this regard. The cooperation was very professional and very pleasant, everything was optimally organized and involved a manageable amount of work for us. In addition, the agreed cost and deadline framework was adhered to, which is also very important to us. For us, one thing is certain: IT security must be lived and constantly developed. After the successful project kick-off, we are planning to carry out another pentest with Allgeier secion in two to three years and can only warmly recommend the company!"
Michael Bernauer IT executive at Martin Baur GmbH