How Maestrani strengthens its cybersecurity with the help of ethical hackers

Cyberattacks pose a significant business risk, and Maestrani recognized the need for action. The company made a significant move by bringing in ethical hackers for a comprehensive Bugtest. Thomas Leitner, a member of the Maestrani executive team, explains how this strategic decision has helped improve security and brought the company's risk management into focus.

Thomas, why did Maestrani opt for a Community Bugtest?

Over the past few years, IT security has increasingly become a priority for us and our board of directors. We conduct at least one detailed discussion with the board each year about various types of risks.

I believe that the key to effective cybersecurity lies in constant review and adjustment. In addition to our internal security measures, such as phishing training and a crisis management plan, it was crucial for us to have an unbiased external review of our IT systems. GObugfree's Community Bugtest offered us just this opportunity.

Can you tell us about how the Community Bugtest was carried out?

The process was remarkably smooth and efficient. Working with the security experts was straightforward and well-organized. We informed our outsourcing partner a few days in advance to prepare for any potential disruptions.

What were the outcomes of the Community Bugtest, and how did it impact Maestrani?

The results were insightful and reassuring.. A key finding was that our main infrastructure is up to date. Our supplier ensures clean patch management, which, unfortunately, is not a given nowadays but is critically important for the security of our systems. We identified some vulnerabilities in our webshop, which we were able to quickly communicate to our outsourcing partner, thanks to the detailed report.

The execution of the Community Bugtest not only strengthened our IT infrastructure but also raised awareness of cybersecurity within the company. The report provided concrete results regarding our cybersecurity risk profile, which we could use in our discussions with the board. This transparency and level of detail helped us convey a clear picture of our current security situation and supported us in planning further steps to minimize risk. We plan to conduct the Community Bugtest annually and integrate it as a permanent part of our risk management activities.

What are the main benefits of the Community Bugtest for Maestrani?

The Community Bugtest yielded several valuable outcomes, including insights and tangible benefits. Notably, the process's efficiency stood out—it was quick and easy to implement, requiring minimal effort from our company. Beyond efficiency, the detailed and action-oriented report was a key advantage, providing clear recommendations and validating the competence of our outsourcing partner. This report proved to be an effective communication tool with our board of directors, laying a solid foundation for risk assessment discussions and facilitating the integration of external insights into our security strategy. Furthermore, the bug test played a crucial role in enhancing customer data protection. Conducting regular security reviews like this helps us reinforce customer trust and ensures a secure shopping experience.

Can you give us an insight into Maestrani's future plans regarding IT security and risk management?

Our goal is to continuously stay at the forefront of IT security. We plan to make regular Bugtests and security assessments an integral part of our IT strategy. Additionally, we aim to deepen our employee training in cybersecurity and implement the latest technologies for risk detection and mitigation. All this is to make our business processes safer and further strengthen the trust of our customers and partners.

Would you recommend the Community Bugtest to other SMEs?

Absolutely! The Community Bugtest offers a valuable external perspective that is invaluable for any company, regardless of size. It serves not only as an effective tool for risk assessment but also as an important basis for discussions with stakeholders and the board.