Dozon

Core values that match

Speed, proactivity and a forward looking mindset are embedded as core values in all disciplines within the company, including cybersecurity. Edwin Meijer, who has been working at Dozon as Head of ICT since the end of 2022 and is also part of the management team: “Our motto is ‘Everything thought of’. That means we look beyond our primary service, delivering to our customers. We also pay attention to the associated processes, systems and devices, the foundation that in our view is needed to make doing business with Dozon run smoothly. A constant focus on our cyber resilience is an important part of that. A good cybersecurity policy and the right tools in the hands of the right people contribute to this. Naturally, this also includes the question for us: how do we prepare ourselves as well as possible for a cyber incident?”

Cybersecurity is high on the agenda at Dozon. “We first started with the basics, the so called low hanging fruit. After that, the risks were mapped out and we tried to assess them as accurately as possible by multiplying likelihood by impact (risk = likelihood x impact).” In 2023, it was decided to take the next step by selecting an MDR service provider. Edwin: “During the selection process, we discovered that there were many different services and options available. Think, for example, of a managed option or keeping Endpoint Detection and Response, EDR, in house, or service providers that do or do not have their own Computer Emergency Response Team, CERT. It quickly became clear to us that keeping EDR in house was not an option. Quite simply, we do not have the organisation to have specialist knowledge available for this 24/7, 365 days a year. So it soon became EDR in combination with SOC services. On top of that, it is useful if the SOC service provider also has its own CERT.”

Complete service delivery

During the selection process, attention was paid not only to the functional requirements and wishes, but also to the culture within the organisation. The speed with which questions were picked up, the pragmatic approach and the accessibility of the contact were a good match. That is how the choice for Tesorion was made. Edwin: “Once we had chosen MDR, we deliberately looked for a form in which our people are guided in matters such as ‘what does an alert mean’ and ‘what should I do with a specific alert’. Collaboration and knowledge sharing are very important to us. At the same time, we also realised that this alone was not enough. Monitoring, detection and response are valuable, but you also want to be able to rely on professionals if there is an incident, which is why we also chose a CERT retainer.”

Looking at the incident response process, it quickly became clear that this too follows the principle of “everything thought of”. In the event of a possible incident, it is important to be able to access objective and reliable information as quickly as possible. This information, logging, is essential. That is why Dozon’s level of preparedness was analysed together with the experts from the CERT. “When an incident occurs, you do not want to lose time. In the middle of the pressure, you want to be able to act as quickly as possible. For us, that means you want to have arranged the things you can practise or prepare.”

Forensic investigation is essential in the event of a possible incident, and the basic information required for this can be prepared well in advance. The experts from T CERT ensured that Dozon had taken all the necessary steps to have the right information available in the event of a possible incident. “You want to give this attention calmly and carefully, so that you are as well prepared as possible if an incident happens. That means checking whether logging is complete, whether the right logging is enabled, knowing where these files are stored, how to retrieve them from the systems and whether the retention period is set correctly. Hopefully it will never be needed, but if it does happen, it gives a reassuring feeling to be as well prepared as possible.”