
Airline

Description

The company hires Wise Security to carry out a complete review of its flight sales portal and its two apps (iOS and Android). In addition to the internal reviews that its IT team carries out periodically, the company wants third-party confirmation that its cybersecurity is robust.

The flight sector is one of the most cyber-threatened this decade, and the company, fully aware of its attractiveness as a target, prefers to re-audit its already secured and reviewed sales channels and its channels for direct contact with customers. To that end, it counts on the professional collaboration of Wise to carry out security checks on its crown jewels and to corroborate their security.

The history

The challenge

The group is an airline operating from Spain with routes to more than 130 destinations. It positions itself as a low-cost airline and operates essentially online for both ticket sales and customer service. The tourism and leisure sector is the third most targeted sector by cybercriminals (as announced at the II Digital Tourism Congress). These are highly publicised attacks, despite the great efforts and investments in cybersecurity by companies in the sector, which is fully aware of the risk and mature in establishing cybersecurity policies. Airlines in particular are targeted by cybercriminals. On the one hand, attackers steal sensitive customer information; on the other, fraudsters acquire this information in underground forums, then buy airline tickets and sell them on the black market at attractive discounts, thus monetising the stolen information. The fact is that 97% of airline tickets are bought online. Aware of its attractiveness as a target, the company is redoubling its cybersecurity efforts. Its reputation depends on it.

"The tourism sector, especially airlines, is in the crosshairs of cyber-attacks. We must have the best and the most cutting-edge to protect ourselves."

The solution

We focus our efforts on 2 areas: "Ethical Hacking" and "Perimeter protection, surveillance and response to critical incidents". As a result, we developed a Training and Certification Plan in which we prioritise obtaining professional certifications that allow the organisation to achieve the following objectives:

WEB ANALYSIS: Information gathering. Threat modelling and attack strategy definition. Vulnerability analysis. Scenarios and risks. Post-scanning.

APP ANALYSIS: Preparation. Static analysis. Dynamic analysis. Reconciliation of results.