CEO arranged his own cybersecurity, with predictable results • The Register

On Call It’s the last Friday of 2023, but because the need for tech support never goes away, neither does On Call, The Register’s Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often indefensible.

This week, meet a reader we will Regomize as “Jack” who told us he was a consultant/client liaison for a managed security services provider (MSSP) that worked with an African banking outfit.

“We provided a lot of services after they were penetrated by a state actor”, Jack told On Call, adding that this incident sparked a “panic purchase” of defensive tools and the know-how to run ‘em.

Jack rated the client’s CEO as “possibly happy with our service but not happy with the amount of money.”

That attitude led to some robust exchanges between Jack’s boss and the bank CEO.

While the two CEOs were butting heads over whether the service provider’s offerings represented good value, Jack’s job involved monitoring a WhatsApp group used as an incident management tool.

And one Saturday evening, that group lit up.

Someone was on the network! Which was bad news in and of itself but also, perhaps, proof that Jack’s outfit was indeed a waste of coin.

Working with the bank’s staff, Jack triaged the incident. All soon concluded the intruder was inside the bank’s building. Further examination suggested the intruder was in fact on the floor that housed the CEO’s office … indeed, in that exact office!

“It turned out the CEO had used their favorite cybersecurity provider to do an unannounced test,” Jack told On Call.

Jack’s CEO protested strongly, which did wonders for the already-strained boss-to-boss relationship because the bank client promptly conducted a formal assessment of the MSSP’s work. In his mail to On Call, Jack described that experience as “like meeting an unhappy proctologist” and lamented that it was four long months before the relationship returned to a viable footing.

Have your clients worked against you and caused tech support troubles? If so, click here to send On Call an email so we can tell your story some time in 2024. ®

