- Airline
- Case Study
Airline
Description
The company hires Wise Security to carry out a complete review of its flight sales portal and its two APPs (IOS and Android). In addition to the internal reviews that the IT team itself carries out periodically, the company wants to have confirmation of its robust cybersecurity from a third party.
The Flights sector is one of the most cyber-threatened in this decade and the company, fully aware of its attractiveness, prefers to re-audit its already secure and reviewed sales channels and direct contact with its customers. This way, you can count on the professional collaboration of Wise to carry out safety checks on your crown jewels and to corroborate their safety.
The history
The challenge
The group is an airline operating from Spain with routes to more than 130 destinations. It positions itself as a low-cost airline and operates essentially online for both ticket sales and customer service. The tourism and leisure sector is the third most targeted sector by cybercriminals (as announced at the II Digital Tourism Congress). These are highly publicised attacks, despite the great efforts and investments in cybersecurity by companies in the sector, which is fully aware and mature in establishing cybersecurity policies. In particular, airlines are targeted by cybercriminals. On the one hand, they steal sensitive customer information and on the other hand, fraudsters acquire this information in underground forums, then buy airline tickets and sell them on the black market at attractive discounts, thus managing to monetise the stolen information. The fact is that 97% of airline tickets are bought online. Aware of its attractiveness, the company is redoubling its cybersecurity efforts. Its reputation depends on it.
"The tourism sector, especially airlines, are in the crosshairs of cyber-attacks. We must have the best and the most cutting-edge to protect ourselves"
The solution
We focus our efforts in 2 areas: "Ethical Hacking" and "Perimeter protection, surveillance and response to critical incidents". As a result, we developed a Training and Certification Plan in which we prioritise obtaining professional certifications that allow the organisation to achieve the following objectives:
WEB ANALYSIS: Information gathering. Threat modelling and attack strategy definition. Vulnerability analysis. Scenarios and risks. Post-scanning.
APP ANALYSIS: Preparation. Static analysis. Dynamic analysis. Reconciliation of results.