Customer
Peter Gartner laid the foundation stone of the company's success in 1918: He delivered coal, gravel, sand and other building materials in the surrounding area with horse-drawn carts. Today, Gartner KG, headquartered in Edt, Upper Austria, is still firmly in family hands. However, with 19 locations in 8 countries and around 3,900 employees, the company has developed into one of the largest transport companies in Austria and one of the leading logistics service providers in Europe in its now more than 100-year history.
Challenge
Networking and digitization offer logistics service providers the opportunity to optimize their supply chain management and thus gain competitive advantages. However, with increasing transformation, the attack surface for cyber criminals is also growing. A systems failure is particularly critical in the industry and can lead to the collapse of the entire supply chain.
For this reason, IT security has long been a high priority at Gartner KG and was previously checked by automated annual pentesting. However, those responsible for the project were looking for a service provider who could raise the test quality and thus also the resilience of the IT infrastructure to the next level. They found the right sparring partner in secion.
Solution
In order to identify technical vulnerabilities, but also to consider the human factor as a point of attack, secion's security experts conducted a two-part test scenario in coordination with the customer.
Both the company's own infrastructure and the connected systems of the suppliers were checked for vulnerabilities using a customized greybox pentest. In addition, the security awareness of the employees and the implementation of internal security guidelines were put to the test via a social engineering audit.
Result
Thanks to secion's holistic security test, Gartner KG was able to raise its IT security to a new level. The entire infrastructure was examined for previously unknown security risks and the effectiveness of protective measures already implemented was tested. The social engineering audit also made employees across all departments and hierarchy levels particularly aware of threats posed by cybercriminals and anchored increased security awareness in the corporate culture.
In the course of increasing digitalization, we need to know permanently where we stand with our IT security. The pentest and social engineering audit gave us a deep and unbiased look at our processes and security measures. We were particularly interested in secion's approach, which differed significantly from other providers, and have set ourselves the goal of permanent testing. We will also take a look at the Active Cyber Defense (ACD) service in this context.
Markus Fuerlinger Authorized signatory and Chief Information Officer (CIO) of Gartner KG