In a Dia-LOG with Ralf Reuel
In a slide-LOG with Ralf Reuel
We live partnerships and met IT manager Mr Reuel from our long-standing partner Lück GmbH for an interview. He talks to us openly and honestly about the challenges of IT security and takes an optimistic look into the future.
suresecure: What challenges prompted you to hire an IT security service provider?
Ralf Reuel: There are two main reasons for hiring an IT security service provider. Firstly, we have no capacity and secondly, we have too little expertise to dedicate ourselves to this area as professionally as we need to.
Our ERP software and day-to-day business take up almost all of our time, leaving little time for other issues. That's why we've been working with specialists in this field for 8 years.
That means there was already a service provider before suresecure - what was your experience here?
The comparison is difficult, as I had virtually the same contacts. Mr Papadaniil and Mr Ridderskamp were ultimately also the reason why I switched to suresecure.
That's exciting, i.e. you also became aware of suresecure this way?
Exactly. I already knew both of them from Cancom times and when I was informed that a company was about to be founded, I immediately realised that we would go along with it. The personal relationship has strengthened a lot over time and we trust the expertise of both of them 100 %.
Such a decision in favour of a young company compared to Cancom seems unusual at first glance - how were you able to argue this? What ultimately convinced you in favour of suresecure?
I didn't have the feeling right from the start that I was losing quality in any respect, but that I was gaining flexibility while maintaining the same quality
What importance does IT security have in your company?
Six to eight years ago, IT security was still a marginal topic. It was only about spam mails and virus protection programmes. In the meantime, it has become very important, partly due to painful experiences, and is an integral part of the corporate strategy. A Trojan horse caused us enormous damage. We never want to experience this incident again in this form and unprepared. That is why we have increased our investment in preventative measures enormously and now also rely on managed security services.
We are not only investing in technology, but also want to invest in security awareness training for our employees in the future. I personally consider this to be very important, as confirmed by the tests that have been carried out.
This is a nice transition to our next topic: you recently had a [secure] check carried out - what prompted you to do this and what were your expectations of the check?
We have already had several checks carried out. A few years ago it was a black & white test by T-Systems. This involved an unannounced penetration test and an on-site vulnerability analysis. Some good measures and conclusions could definitely be derived from this.
The [secure]check takes a slightly different approach and shifts the focus of the test from: How do I get into the IT infrastructure to - how can an attacker actually move around in the IT infrastructure? We have never had this area examined before and were therefore very interested in an assessment.
In addition, the preliminary discussions promised an intensive examination of our company's organisational processes, where we are well aware of some weak points.
What did the [secure]check do for you? How satisfied are you with the results?
We are very satisfied with the result of the [secure]check. Not only with the actual result, but especially with the process, the implementation and the transparent communication throughout. I don't want to mention detailed results, but overall we are clearly sensitised to topics such as documentation and the tracking of requirements and changes. In addition, the technical approaches from the previous check were confirmed in their entirety.
How do you currently feel about your IT security?
Overall, I currently have a very good feeling. But there's always room for improvement, especially in terms of organisation and documentation.
You mentioned earlier that you now also use managed security services. What prompted you to switch to a service contract?
As I mentioned earlier, we are always struggling with capacity bottlenecks. We want IT security of exceptional quality and we now receive this in bundled form from suresecure. We particularly appreciate the speed, flexibility and exceptional expertise.
If I wanted to do this in the same quality in my company, I would certainly need 2-3 well-trained specialists.
The coronavirus crisis has led to a sharp increase in the number of attacks. Not only malicious emails, but also infected landing pages with corona-related content have caused us problems. Fortunately, this trend is now subsiding. But our staff are fully occupied with maintaining the IT infrastructure and in-house troubleshooting.
What approximate percentage of attacks are now started automatically?
Thanks to suresecure's expertise and the use of suitable, well-coordinated software and hardware components, we are now able to intercept 90 - 95% of attacks fully automatically. This is of course a huge relief for us. In some cases, we wondered whether the systems were still working, as we only received so few cases. I wouldn't want to do without any of the systems in the future.
What do you think is your biggest IT security risk at the moment?
Social engineering in particular plays an immense role. It is absolutely essential to sensitise employees to the correct handling of emails. The results of the secure[check] have helped us to strategically address this issue.
In order to get a feel for employees' security awareness, we have sent test spam emails to employees in the past and checked the results.
If you could wish for something in the area of IT security, what would it be?
What I or the company would wish for is a well-functioning SIEM. My favourite would be the SIEM from the manufacturer splunk, as third-party products and solutions can also be integrated here. The intuitive and simple operation convinced me during a demo presentation. The correlation of data from different areas is an enormously effective and helpful tool.
What significance does IT security have for you personally?
It was also a marginal topic for me, but I was fascinated by it. By working with suresecure, I familiarised myself more and more with the topic and found it fun, so that I now have a much higher standard of security at home too.
There are so many unimaginable examples of cybercrime. I was once shown a film where hackers robbed a bank live. After just a few hours, €100 million had been transferred to another account. Of course, this was just a test to show the bank where there was room for improvement, but it just goes to show what is possible. Whether Walmart, easyjet, Playstation or Yahoo: Many large companies have already had to endure cyber scandals and we want to do everything we can to prevent that.
re
My credo is: you don't leave the door open at home either.
We would like to take this opportunity to thank you once again for your partnership and look forward to continuing our exceptional collaboration.
"}