valantic Assists Company in the Wake of a Cyber Attack And Paves the Way to Its IT Strategy 2.0 Over the Long Term
The history of the company, which is renowned for its environmentally friendly and fair products, begins in the 1990s in a garage in Germany. It was here that the first product was packaged. Today, the company sells countless environmentally friendly products very successfully through its online store.
Challenge
Disaster scenario: Cyber attack. Compromised IT systems result in an absolute standstill at the company.
Consulting Approach
Launch of emergency operations. Crisis management both from a technical and business perspective. IT interim management. Subsequent establishment of the structure of a long-term IT Strategy 2.0.
Solution & Benefits for the Customer
Ad hoc support thanks to crisis management and the fastest possible launch of emergency operations. Devising of a highly performant business continuity plan for the future. Restructuring of the company’s IT.
Ulf Bernhardt
Managing Consultant at valantic Management Consulting
”At valantic, we always do what takes the customer forward. In this project, we again demonstrated our competence as a breach coach by taking both the technical as well as the business perspectives into account during the crisis. The solution was not, however, derived by us alone, but in a team with our customer and other partners. We are pleased we could rebuild the IT systems in this way and that they are now much more resilient against cyber attacks. All data are now exchanged in encrypted form, and access to the infrastructure has been hardened and reduced to an absolute minimum.“
The Challenge
On May 19, 2021, all of the systems of the impacted company shut down and powered down. All of its file servers were encrypted and its IT systems compromised in one fell swoop. The initial shock then transitioned into helplessness. Despite the impending Pentecost weekend, however, internal and external experts immediately assembled, and the hurriedly formed crisis team started work on site in a so-called “war room”.
The overriding goal was to get the systems up and running again as quickly as possible and to minimize the damage.
Solutions and Results in Detail
valantic’s job was to accompany and coordinate the measures initiated after the attack. The immediate task was to establish the status quo. This involved firstly answering the questions: which systems had been impacted ? What were the mission-critical business processes? Which individuals were responsible for what? How should the next steps be sequenced? And last, but not least: what were the greatest threats to the company? And how should t he situation be best communicated to the employees and externally?
Simple questions such as “Can employees’ salaries be paid on time at the end of the month?” or more generally “What is the status of the dat asets?” revealed just how many IT systems were entwined with a single business process.
The search began for non-compromised backups and systems that could be resurrected. Emergency operations commenced swiftly under various security considerations, and were simultaneously accompanied by system scans and the analysis of any indicators of compromise (IOCs) that were identified.
Seven days after the cyber attack, the so-called “immunization line” was taken into operation and reinstalled each computer. A day later, e-mails could be read and sent again. Yet another day later, the telephone system was up and running again. Since the affected company had an externally hosted online store, orders could still be placed there during and after the incident, but any downstream processing other than that was not possible, i.e. the company could not see or process the orders. But this problem, too, was solved 11 days later as the first package traversed the entire logistics process and packages could be sent once more.
The systems were restarted one by one, the status of all the IT systems being monitored and analyzed continuously to determine whether the target quality benchmarks had been reached. In addition, all systems were fitted with a cutting edge Endpoint Detection and Response (EDR) solution managed 24×7 by an externally commissioned Security Operations Center (SOC). valantic’s proven traffic light system played an important role here by highlighting the systems in need of further optimization in the background – even though users had the impression of already enjoying the systems’ unrestricted functionality.
Benefits for the Company
The upside of the incident was that, together with valantic and other strong partners, the customer was able to establish a resilient, long-term future basis for its IT infrastructure. Responsibilities were redefined and regulated anew within the company, and the involved parties outlined the path to the company’s IT 2.0. Moreover, to ensure manageability of the company’s diverse and constantly growing range of IT systems and services, the parties drew up an up-to-date service map and defined responsibilities for the various service levels, thereby establishing secure, state-of-the-art fundamentals for operating all of the company’s IT systems in the future.
Download Success Story: Rescue of the company after a cyber attack
Download the complete Success Story and learn how valantic supports the company after a cyber attack and paves the way to IT Strategy 2.0 over the long term.
Thomas Lang
Partner & Managing Director
valantic Management Consulting GmbH