The story of an attack on a critical infrastructure provider

Customer type

A critical infrastructure services company with more than 500 employees and an annual turnover of more than CZK 100 million.

What situation the customer was dealing with

In the past, the customer has received several reprimands from the Data Protection Authority in relation to data security. In addition, the company has experienced theft and misuse of customer emails for spamming.

What we helped with

With our help, the company began preparing to implement measures as part of its NIS2 deployment. This was preceded by an initial analysis, which revealed a number of unpleasant findings.
In agreement with the customer, we deployed a monitoring probe into the network, which within a short time revealed a compromised server controlled by attackers from East Asia. The situation required an immediate response to prevent further abuse of the client’s infrastructure. Experience showed that the customer was not prepared to effectively address these risks.

What the solution brought

We prepared a comprehensive risk analysis and, based on it, proposed specific security measures and processes that will prevent a similar situation from recurring in the future. We handed over the security project and helped to put it into practice. The company subsequently passed the retests with no error messages and significantly improved its overall level of security. A further major effect for the customer has been the comprehensive upgrade of the performance and security management systems to reflect the new obligations arising from the commitments and direct designation under NIS2.

Benefits of implementing information risk management

  • Prioritising further security investments and projects
  • Determining the optimal balance between investment and the level of security achieved
  • Obtaining information from an independent party on the level of IS security achieved
  • Identifying risks and vulnerabilities that pose an immediate threat to the organisation’s key functions and assets
  • Creating the basis for the development of the company’s ICT security documentation
  • Identifying threats such as data leakage, abuse of privileges, human error, etc., including possible abuse scenarios
  • Significant increase in IS security by implementing the proposed measures
  • Obtaining arguments for management decisions on allocation of investments in IS security
© 2024 Faster.cz