Member Submission

It is important for businesses to make sure that IT companies are regularly testing their own security and taking proactive steps to ensure it. The interconnectivity of digital systems means that a vulnerability in one area can have cascading effects across an entire network and the supply chain, which includes the businesses that IT companies are meant to protect!

We stand out from most other IT companies in holding tabletop simulations that put our own security and responding protocols to the test, in this article we give you some more insight into what’s involved, how we do it and the importance of these exercises.

How Your Cyber Security Vendors Can Be a Risk for Your Business

A cornerstone responsibility of an IT support provider is to safeguard the integrity of their client's IT systems. This role extends beyond just applying security measures, it involves deep, continuous monitoring and management of their digital environment to prevent unauthorized access and data breaches. However, if their own tools get compromised, this can turn into a powerful weapon for cybercriminals.

The recent increase in supply chain attacks, where hackers target less secure elements in a supply chain to access larger networks, illustrates this risk vividly. It's therefore paramount that an IT provider not only focuses on external cybersecurity threats but also fortifies its own systems from infiltration by today’s cyber bad guys.

We minimize this risk by holding tabletop exercises that simulate attacks on our own business. Surprisingly, this is something that most IT companies are not doing.

While we have confidence that our cyber security frameworks and tools are robust, we also follow the principle that assumption is the mother of all screw ups. Tier 3 is no exception to this, so we put our beliefs to the test and take a scientific approach to our cyber security, here’s how we do it.

Simulating Cyber Attacks: How We Test Our Internal Security

Firstly, we create a controlled replica of our IT environment to prevent any actual impact to our business and clients. We then simulate a range of cyber-attack scenarios on this environment and test its integrity against these attacks, and our own team's incident response.

To do these exercises, we effectively ‘lock’ ourselves in a room, simulate network attacks and action our incident response plans against them, document technical and processual improvements that we can make to improve our IT environment’s integrity further, as well as the speed, quality and thoroughness of our responses.

This is also an invaluable opportunity for education in our team for both long-term and newer staff alike at Tier 3. By holding these exercises regularly and coordinating and refining our processes, we also maintain an exceptional cyber security culture.

We simulate the attacks across the full spectrum of our network, thus testing our:

• Employee awareness and readiness
• Network security
• Device security
• Application security
• Cloud infrastructure
• Endpoint security
• Remote access policies

The Benefits of Vendor Cyber Incident Simulations for Businesses

We think that all IT companies should be taking the time to regularly test their defences, not only because its best practice but also because the consequences can be critical if a cyber threat does hijack an IT companies’ own tools and data.

The benefits of these simulated exercises are wide ranging. Firstly, they serve as a critical tool for continuous learning and improvement. By regularly testing our defences against simulated attacks, we’re able to pinpoint vulnerabilities or weaknesses in our systems and processes and then address them with new measures and improved processes.

Finally, we just think it’s the right thing to do! It’s win-win, we empower ourselves, our staff, and our clients to operate more securely with these exercises. We want our clients and partners to have confidence that we’re taking every step we can to practice what we preach, giving them peace of mind to focus.