CEO arranged his own cybersecurity, with predictable results
Cleaning up after hackers is easy compared to surviving the politics of consultancy
On Call It’s the last Friday of 2023, but because the need for tech support never goes away neither does On Call, The Register’s Friday column in which readers share their tales of being asked to fix the unfeasible, in circumstances that are often indefensible.
This week, meet a reader we will Regomize as “Jack” who told us he was a consultant/client liaison for a managed security services provider (MSSP) that worked with an African banking outfit.
“We provided a lot of services after they were penetrated by a state actor”, Jack told On Call, adding that this incident sparked a “panic purchase” of defensive tools and the know-how to run ‘em.
Jack rated the bank's CEO as “possibly happy with our service but not happy with the cost.”
That attitude led to some robust exchanges between Jack’s boss and the bank CEO regarding the value of professional infosec services.
While the two CEOs were butting heads, Jack’s job involved monitoring a WhatsApp group used as an incident management tool.
And one Saturday evening, that group lit up.
Someone was on the network! Which was bad news in and of itself but also, perhaps, proof that Jack’s outfit was indeed a waste of money.
Working with the bank’s staff, Jack triaged the incident. All involved soon concluded the intruder was inside the bank’s building. Further examination suggested the intruder was in fact on the floor that housed the CEO’s office … indeed, in that exact office!
“It turned out the CEO had used their favorite cybersecurity provider to do an unannounced test,” Jack told On Call.
Jack’s CEO protested strongly, which did wonders for the already-strained boss-to-boss relationship because the bank promptly conducted a formal assessment of the MSSP’s work. In his mail to On Call, Jack described that experience as “like meeting an unhappy proctologist” and lamented that it was four long months before the relationship returned to a viable footing.
Have your clients worked against you and caused tech support troubles? If so, click here to send On Call an email so we can tell your story some time in 2024. ®