The challenge
Following a series of recent data breaches of financial institutions, the bank sought to validate that it was fully protected against various cyber threat actors and attack strategies. The bank was confident that it could handle serious cyber threats, based on a previous assessment performed by a large security provider that revealed just several minor vulnerabilities.
The solution
CYE’s combination of red team experts and AI technology allowed the organization to continuously monitor its cyber exposure, diagnose vulnerabilities and recommend a cost-effective mitigation plan.
The assessment included:
- Manual & automatic attacks
- Remote & on-site engagement
- Black Box approach
- 12 weeks of assessment
- An optimized mitigation plan
The results
The bank built a stronger cybersecurity posture that could help prevent cyberattacks from taking place.
- All predefined business goals were achieved
- Over 5,000 servers were assessed
- The optimized mitigation plan reduced the bank’s cybersecurity budget by 20%
Phase 1 – Baseline assessment
It took CYE’s team a few weeks to reach all critical business assets, as defined by the bank, after only being provided with a domain name.
Phase 2 – Optimal mitigation planning
After mapping all possible attack vectors, CYE’s Hyver used predictive analytics and unique algorithms to calculate the exploitability, severity, and potential business impact of each vulnerability. Hyver identified the most cost-effective mitigation steps by correlating business risks with remediation efforts, resulting in an optimal mitigation plan.
A few months after it began implementing the mitigation plan, he bank was able to make better-informed decisions about resource allocation. This resulted in removing unnecessary technologies and improving existing processes, allowing the bank to reduce its cybersecurity budget by 20%.
Hyver then continuously tested whether the mitigation plan was effectively implemented to validate that all issues were fixed.
Phase 3 – Continuous support
For the final stage, CYE ensured that the bank received necessary guidance and support in order to build and maintain a strong cyber posture. This included:
- 24/7 incident response
- Supply chain risk evaluation
- Cyber awareness training
Assessment deliverables
- A cost-effective mitigation plan prioritized according to the severity and exploitability of threats and potential business impact.
- Streamlined remediation with actionable recommendations to close security gaps.
- End-to-end validation of security measures and their effectiveness
- An objective and comprehensive assessment report, as well as a digestible and communicative dashboard to present to decision-makers.
- Access to the Hyver platform, including its dashboard, mitigation planner, findings, and more.
“The nature of cybercrime is constantly changing, and every area of the business has a responsibility to protect the organization and our customers. Our security teams are well trained, but it is still very challenging to know where the next attack might come from. This is where CYE comes in.”
The Bank’s Global CISO