Simple immediate measures like MFA-Activation or setup your back up system can be done internally and immedaitely. For governance structures, principle guidance and supply chain review we recommend external support – especially if no internally dedicated IT security team has been appointed.