The security risk that today’s technology firms assume can be staggering, and the implicit trust relationship that exists between a managed services provider and their clients is exceptionally high. From possessing highly sensitive user account passwords, to having direct access to corporate data, technology firms are an increasingly attractive target for determined threats. Understanding this risk, and desiring to provide further value to their clients, Managed Services Provider Kotman Technology sought an independent review of their organization.
”The security assessment of a traditional client, and the assessment of a technology firm require entirely different approaches”, said Brian Horton, CEO of Breadcrumb Cybersecurity. “You’re not only assessing risk from the perspective of internal systems and processes, but also from the lens of their client support infrastructure.” The developed plan was three-fold: 1) assessment of isolated infrastructure assets, 2) isolation and attack of customer support platforms, and 3) direct targeting of technical team members. By leveraging varying approaches, Breadcrumb was able to provide practical and realistic scenarios for the Kotman team.
The engagement concluded with tangible and actionable outcomes for the Kotman staff. By understanding how a determined threat would locate and attack strategic resources, Kotman was able to refine their security posture. Once complete, engagement outcomes not only improved Kotman’s defenses, but added significant benefit to all of their customers.