CEO Orchestrated His Own Cybersecurity, with Predictable Outcomes

CEO Orchestrated His Own Cybersecurity, with Predictable Outcomes

On Call Chronicles: A Tech Support Friday Tale

It’s the final Friday of 2023, a day when technical support is still in high demand. Welcome to On Call, The Register’s weekly feature where readers relay their experiences fixing improbable problems under often-questionable circumstances.

The Consultant’s Story: Managing Expectations in an MSSP

This episode introduces us to “Jack,” a consultant and client liaison at a Managed Security Services Provider (MSSP) who recounts his dealings with an African bank client.

Emergency Response to a Cyber Breach

After the bank suffered a breach by what Jack referred to as a “state actor,” it led to an urgent acquisition of security tools and expertise to utilize them, a scenario Jack directly observed and supported.

The Cost of Security: A CEO’s Dilemma

Despite the bank’s CEO possibly feeling content with Jack’s MSSP services, the financial burden left him less than thrilled, an issue that prompted some frank discussions on the true value of professional cybersecurity services.

The Clash of Executives Over Security Investments

These discussions became increasingly intense between Jack’s boss and the bank’s CEO, while Jack himself was keeping an eye on a dedicated WhatsApp group for incident management.

WhatsApp Alert: A Troubling Signal on a Saturday Night

One Saturday evening, the WhatsApp group became active with alarming news: an unauthorized person was detected on the network, a development that could seemingly vindicate the CEO’s reluctance to spend on security services.

A Plot Twist in the CEO’s Office

As the investigation unfolded, it became apparent that the source of the intrusion was within the bank’s own walls, alarmingly situated on the same floor as the CEO’s office. The twist? The very office in question was the scene of the breach.

Revelation: An Unscheduled Security Test

The strange incident was eventually attributed to an unannounced security test conducted by the CEO’s preferred cybersecurity firm—an event that took Jack and his team by surprise.

Frayed Relationships and Post-Incident Evaluations

Jack’s CEO expressed strong discontent with this secret test, straining the relationship between the two companies. This tension was heightened when the bank decided to formally review the MSSP’s effectiveness, a process likened to an uncomfortable medical examination, further damaging their working relationship.

Call to Share Your Own Tech Support Sagas

If you’ve faced challenges with clients that seem to fight against the very tech support you provide, On Call invites you to share your story by emailing, potentially to be featured in the 2024 lineup.

Read More