Challenge
- Decentralized operations made it difficult to maintain an accurate asset inventory, with varied technologies and techniques across teams.
- Fragmentation led to gaps and increased risk of unidentified vulnerabilities due to lack of centralized visibility.
- High false positives from previous cybersecurity vendors and challenges in identifying vulnerabilities like Log4J highlighted issues.
- Integrating disparate security systems during mergers required unified security coordination to manage the complexities effectively.
Solution
- Centralized system and active scanning tools for a unified and real-time view of all assets.
- Accurate identification, prioritization of risks, and automated detection to minimize false positives and manage vulnerabilities efficiently.
- Unified security standards and continuous monitoring to ensure compliance with all regulations across business units and acquisitions.
- Significant reduction in false positives, allowing the security team to focus on genuine threats.
Outcome
Strategic Growth through Partnerships
The group, headquartered in Spain with key operations in France and Germany, serves businesses worldwide from its strong European base. From January 2023 to June 2024, the company announced 25 new partnerships across aviation and non-aviation sectors, enhancing technological and operational capabilities. Notable aviation partnerships included major airlines and airports such as TAP, Air Canada, Virgin Atlantic, and Sydney’s new airport.
In the non-aviation sector, the company formed 14 partnerships with companies in hospitality, travel and tourism, technology, and other industries, from Accor to Microsoft. These collaborations expanded the company’s reach and technological prowess but also introduced significant cybersecurity challenges due to increased system access points and integration of new technologies.
Addressing Cybersecurity Challenges
The company faced several cybersecurity issues, including maintaining an accurate asset inventory due to decentralized operations and dealing with exposure risks from fragmented systems. Passive scanning methods further limited their ability to detect and respond to risks effectively, leading to a reliance on a previous vendor that produced numerous false positives and missed genuine vulnerabilities.
Acquisitions brought unused domains that increased the risk of exploitation, and ensuring compliance with regulations like the Spanish Data Protection Law and the EU Cybersecurity Act required vigilant management. Integrating disparate security systems from mergers necessitated a unified and proactive approach to security coordination across newly acquired entities and existing operations.
A leading multinational technology company providing software solutions for the global travel and tourism industry through its Global Distribution System (GDS) and Information Technology (IT) divisions.
195
Countries operated in
173
Local commercial organizations
16
Employees
Start your journey today
Experience faster, simpler, and easier automated penetration testing in a quick 20-minute demo.