Case Study

Apparel Company Gains a Consolidated View of Its Security and a Stronger Cyber Posture with CYE

icon

Industry

Apparel Manufacturing

icon

Employees

30,000+

icon

Revenue

$9 Billion

icon

Headquarters

USA

The Challenge: A Need for Increased Visibility and Centralized Security Findings

As a publicly traded global retail company, the customer has a diverse multinational network of manufacturers and retailers, encompassing hundreds of store locations and a strong online presence. Consequently, the company must protect intellectual property as well as the data of guests, processes, and employees across various regions and countries.

The company’s reliance on a wide network of technologies to perform its global operations was a concern to the company’s chief information security officer, who realized he was missing a key consolidation component.

“Usually what happens is that you get different reports from different assessments,” he explained. “These reports only cover certain areas and domains, and these findings remain static and siloed.”

This makes it very difficult to build a holistic, cohesive security plan that touches on the different security problems the company faces. Therefore, the CISO’s goal was to merge findings about all vulnerabilities and security gaps that existed throughout the company’s systems.

“We have a huge amount of technology in our organization. We needed a way to track all of it and consolidate all these technologies. CYE was that missing piece.”

Chief Information Security Officer at Global Apparel Company

The Solution: Security Provider with Vulnerability Reporting, Tracking, and Visualizing Capabilities Across All Environments

CYE was brought on board to aggregate security findings from all the company’s areas of activity into one central system. Although the company started working with CYE just before Christmas—the height of the buying season—CYE was careful to conduct security assessments without interrupting operations.

CYE’s cybersecurity optimization platform, Hyver, identified vulnerabilities across the company and visualized how those gaps could be exploited by malicious actors. Hyver clearly presented the connections between the vulnerabilities in the company’s system and their potential risk to critical business assets.

“Many people in the company have never seen the potential effects of a vulnerability,” the CISO said. “Our security team and the company at large really needed that visual that Hyver gave us to better understand the effects of a cyberattack.”

In addition, Hyver’s cyber risk quantification put a dollar value on the cost of mitigation compared to the cost of a possible data breach. This increased visibility helped the CISO communicate cyber risk to stakeholders with ease, which caused a ripple of effect of improved communication companywide.

“The challenge I faced was being able to show a direct correlation between what I’m mitigating, what it’s costing me, and what it’s saving the business. CYE offers that quantification element to elevate the conversation about risk reduction.”

Chief Information Security Officer at Global Apparel Company

The Impact: 360-Degree View of Cyber Risk and Elevated Cybersecurity Maturity

With Hyver’s help, the company’s security team worked on mitigating various findings and improving the company’s security posture and maturity. At the same time, Hyver proved to be an invaluable way for the CISO to communicate mitigation prioritization to the business.

“I use Hyver to help executives understand specific attack routes and mitigations and to show what areas we are going to focus on,” he said. “Hyver provides me with visibility, so that I am in a better position now to have better communication.”

He noted that CYE’s comprehensive view of the company’s attack surface was what made the difference. “CYE can evaluate the assumptions you make about your environment—all 360 degrees of it—and check if you are right,” he said.

“What CYE offers is unique. You can find risk mitigation solutions and assessment specialists; you can find platforms that track or quantify your vulnerabilities. But I see no other companies that unify all these capabilities.”

Chief Information Security Officer at Global Apparel Company