.svg)
Cybercrime is constantly evolving, and hackers are aware of the latest ways to penetrate the systems of various organisations. This is also the case for Dutch municipalities, which are responsible for their own information security. The municipality of Bergen (L) therefore sought a party that could investigate the municipality's digital resilience and perform a “Black Box test” in order to proactively prevent cyber incidents.
When performing a pen test, a PuraSec specialist takes on the role of a hacker and attempts to identify all digital vulnerabilities. The municipality of Bergen (L) chose PuraSec to support them in this process.
As a municipality, we are responsible for security measures to prevent attacks on our infrastructure. Because cybercriminals are aware of the latest ways to hack systems, we sought a party that could verify whether our IT infrastructure met current standards and whether we had taken the appropriate measures to prevent information security incidents. PuraSec is a member of 'Cyber Veilig Nederland', the association representing the interests of the cybersecurity sector. This reassured us that we could entrust this to a reliable party.
In 2020, we transitioned to a new workspace concept. The previous penetration test predated this change, making it especially important to have it verified. The municipality requested an external quality assurance check to ensure we hadn't overlooked anything.
Many problems can be prevented by properly configuring technical security within an organization. After consulting with a specialist from PuraSec, it was decided to conduct a so-called "black box" pentest, in which no information about systems or locations is shared beforehand. By using realistic scenarios, the working methods of a cybercriminal are simulated as closely as possible.
In the first phase, PuraSec specialists searched for leaked data. In the second phase, technical testing began using the findings from phase one; a realistic attack was simulated, searching for vulnerabilities.
We've had a penetration test done before, but it was a while ago. This penetration test was initiated ad hoc.
"The intake revealed that the municipality is critical of online security and would like to gain insight into the current status of the infrastructure."
- PURASEC
During our initial consultation with Purasec, our objectives were clearly defined, and the requirements for the project were clearly and concisely defined. The entire process, from request to delivery, took approximately three weeks, which we found to be very smooth. PuraSec's specialists supported us with all our cybersecurity questions and provided advice where needed. Thanks to the fast and direct communication with PuraSec, communication remained optimal, resulting in a pleasant collaboration with a satisfied client.
Despite being a small municipality, we must meet the high standards for the (digital) security of our information management. We are pleased that the PuraSec results demonstrate that we have made good progress in securing this information. We continue to periodically assess whether our infrastructure meets these requirements.
"Fast and direct lines with purasec ensure that communication remained optimal, which resulted in a pleasant collaboration with a satisfied client."
- MUNICIPALITY OF BERGEN
