Mitigating Vulnerabilities of a Subsidiary
Vulnerabilities in a Subsidiary’s Direct-to-Consumer Interface Exploited
A subsidiary that sells insurance to consumers online experienced several cyber incidents, including a data breach. The subsidiary uses consumer-facing applications and therefore manages payment card industry (PCI) data, personally identifiable information (PII), and protected health information (PHI).
A Supply-chain Threat
The CISO of the parent company realized that security at the subsidiary needed to improve, not only for the sake of the integrity of the subsidiary’s customer data and business reputation, but also because the weakness of the subsidiary’s security posture posed a supply-chain threat to the parent company. The parent company and the subsidiary share some services with bidirectional security trust that could enable an attacker to elevate privileges and move laterally.
The CISO engaged Sygnia to do a posture analysis of the subsidiary.
Catalyzing a Continuous Improvement Process
Sygnia performed an extensive analysis of the company’s cyber security posture across specific security pillars that were chosen by the client. Sygnia found multiple areas that needed attention, including, as suspected, the ability of an attacker to move freely from the subsidiary to the parent company’s environment. Sygnia provided the client with a detailed report about the subsidiary’s cyber readiness and current vulnerabilities, along with specific recommendations to address them. The CISO of the parent company commented that he had gained much better visibility of the subsidiary’s cyber posture as well as a detailed strategy to enhance it to a level that would protect both the subsidiary and the parent company. The client addressed critical issues immediately and initiated a continuous improvement process to implement the recommendations in Sygnia’s report.