The Cyberattack That Played Out Two Different Ways

Executive Summary


Two food manufacturing companies with the same ownership experienced the same cyberattack in the same weekend, and had two very different outcomes. 

One had spent the past year working with Marco to modernize its security foundation and get more out of the Microsoft licensing it already owned. The other was working with a smaller MSP, with a fragmented set of tools and no centralized management in place. When the attack hit, one company's environment contained the threat automatically and was completely cleared by Monday at noon.

The other spent days trying to recover.

Results at a Glance 

Here's how the same attack played out across both companies that weekend.

[Figure: threat flow, Marco client vs. sister company]

Beyond the incident itself, the partnership also produced measurable results:

  • Microsoft Secure Score improved from 33% to 67% — compared to an industry benchmark of approximately 43–44% for organizations of similar size

  • Device wipe and reload time dropped from 3–4 hours to under 30 minutes, fully remote via Autopilot and Intune

  • Full central visibility and management established across all endpoints for the first time

Challenges That Initially Led to Our Partnership 

Like many of our manufacturing clients, this food manufacturer had a capable IT team carrying a heavy load — managing devices, handling security, supporting end users, and staying current as the threat landscape kept shifting. With only a small number of IT staff, there wasn't much room to get ahead of things.

A Structural Gap Hiding in Plain Sight

The company had grown through acquisition. Its new sister company operated under the same ownership but functioned almost entirely independently — its own IT personnel and MSP, its own tools, its own security posture.

This is common in M&A: The deal gets done, but full IT integration gets pushed to the back of the priority list.

The two environments shared the same VPN/network connections, but little else. What happened on one side was largely invisible to the other.

Too Many Tools, Not Enough Clarity

Like many organizations post-pandemic, both companies had accumulated a stack of security tools over the years — endpoint protection here, identity management there. But the tools weren't integrated, alerts weren't being monitored consistently, and there was no single view of the environment. They couldn't easily tell what was working, what wasn't, or where the gaps were.

The Real Problem

When renewal time came around, it was always easier to just renew. What they really needed wasn't more tools — it was a partner who could look at the full picture, identify what they had and what they needed, and help them make it all more manageable internally going forward. 

That's not normally what IT providers do. 

Strategic Goals

Going into the engagement, the company had a clear set of outcomes they were trying to achieve:

  • Consolidating a fragmented tool stack into something manageable and consistent
  • Gaining full visibility into every device on the network
  • Strengthening identity and endpoint security without disrupting end users
  • Building internal knowledge so the IT team could manage and grow the environment themselves
  • Finding a partner who would work alongside them — not take over

The Marco Solution: Modern Work 


The conversation with Marco started simply: The company had a number of IT tools coming up for renewal in the fall. The easy path was to renew them. Marco's team made the case for a different question — not "Which tools do we keep?" but "What outcomes are we actually trying to achieve?"

That reframe led to an ongoing Modern Work engagement. Rather than replacing tools with more tools, Marco worked with the IT team over 12 months to rebuild their security foundation on the Microsoft platform they already owned — and build the internal knowledge to manage it themselves.

The work covered three layers:

  • Identity — Migrated from on-premises Active Directory to Microsoft Entra ID, securing access from anywhere through a zero-trust model.
  • Devices — Microsoft Intune gave the team full visibility and central management of every endpoint, with security baselines pushed across the network. Microsoft Autopilot meant any device could be wiped and reloaded remotely in under 30 minutes.
  • Data — Data loss prevention policies and Microsoft Purview controls ensured that even a known user on a secured device couldn't accidentally or maliciously expose sensitive information.

Underneath it all, Microsoft Defender for Business fed into a 24/7 managed detection and response (MDR) service that monitors and acts on threats around the clock.

A Partnership, Not Just an IT Project

To support this client, Marco provided weekly meetings (sometimes more), ongoing configuration, and continuous fine-tuning and mentorship as Microsoft's platform evolved.

The goal was never just to configure the tools — it was to make sure the IT team understood their environment well enough to manage it confidently and grow into it over time.

By month twelve, the IT director had hired a new IT team member to develop in-house Intune expertise — using their Marco partnership to train someone up rather than hiring fully formed talent that's hard to find and expensive to keep.

Takeaways for IT Leaders Who Want To Simplify but Maintain Control

This story surfaces a few truths that apply well beyond food manufacturing:

  • If you don't know what's in your environment, you can't protect it. 
  • An IT partner can work alongside you, not just instead of you.
  • Security isn't a project. It's a practice.

Not sure where your environment stands today? That's exactly where we start. Take our Microsoft Insights Assessment and get a clear picture of what you have, what's working, and where the gaps are.

It's also a quick and convenient way to get a preview of how we work!