SecurityScorecard Helps Major Airline Protect Passengers and Planes from Cyber Threats

The Challenge

Headquartered within the United States, the major airline subject to this study carries more than 35 million passengers to 100+ cities each year. The airline prides itself on its customer experience, which informs its approach to cybersecurity.

This major airline collects a startling amount of sensitive customer data, ranging from credit card information to passport numbers. It also works with countless systems and partners to power its flight operations. In order to keep customers and planes protected against cyberattacks, the major airline has a robust cybersecurity team that works to ensure the company has the safest computing environment possible.

However, because the company leverages thousands of vendors, data providers, platforms, and flight operations organizations, the cybersecurity team struggled to keep up with all of the mission-critical vulnerabilities that could interrupt flight interruptions or expose customer data.

“Our SecurityScorecard score carries a big weight in terms of how we measure our risk. We know that an improvement in our score translates into a real-world improvement.”

– Cybersecurity Consultant

The Solution

The major airline uses SecurityScorecard to discover and track its vulnerabilities so it can make informed decisions about how to improve security. The cybersecurity team monitors the scores to:

• Quickly identify new vulnerabilities that might expose passenger data or flight operation systems.
• Prioritize and direct remediation efforts toward the most beneficial activities.
• Understand the security posture of the major airline’s vendors and partners to stop hackers from stealing the major airline data through a third-party system.

General Info

“SecurityScorecard is one of the tools we use the most. I use it at least three or four times a week.”

– Cybersecurity Consultant

The Results

Thanks to SecurityScorecard, this major airline has unmatched insight into its attack surface that it uses to prioritize and remediate any vulnerabilities that can impact the customer experience or flight operations.

• SecurityScorecard makes it easier to find vulnerabilities and take the right action faster. “What I enjoy about SecurityScorecard is that I’m able to look at our external attack surface and easily understand what I need to prioritize without having to dig too deep,” the Cybersecurity Manager said.
• The cybersecurity team uses the SecurityScorecard score to keep executives informed about the airline’s risk. “We report our score to upper management and the board as one of our KPIs so they can maintain visibility into our cybersecurity efforts.”
• The major airline can use SecurityScorecard to have more productive conversations with its cyber insurance providers. “One of our providers recently reached out with questions about our score to ask about specific findings, so I know they are actively measuring us with this tool. Because we use SecurityScorecard, I was already prepared and comfortable answering their questions. I am sure they use our score as a data point when determining our deductibles, rates, or whether to even offer coverage, so improving our score has an important role to play when it comes to managing our cyber insurance policies.”
• SecurityScorecard makes it simple to benchmark the airline’s security posture against other airlines. “We compare ourselves with a number of airlines of similar size and revenue. We use that metric to ensure that our cybersecurity is among the best-in-class.”
• The cybersecurity team uses vendor scores to help its vendors improve their own security, thereby protecting the major airline’s customers. “We work with a lot of large vendors and systems that have been around a long time in the aviation industry, and can have some antiquated processes. I can show them what SecurityScorecard sees from an unbiased perspective. They’re often very appreciative of it because a lot of the time they aren’t actively engaged in looking for vulnerabilities.”
• The major airline also uses SecurityScorecard to empower the due diligence of potential vendors. “One of the things our procurement department looks at when evaluating a new partnership opportunity is their score. We want to know how they handle their data before we trust them with ours. It gives us a good first impression, and helps us determine where we need to dig deeper.”