How a multinational bank reduced their Hackability by over 50%​

February 16, 2024 - 5 Min Read

Executive​ summary

As a multinational bank operating in over 17 countries, the customer required a seamless and holistic vulnerability management tool. Most critically they needed platform integration across all subsidiaries. ​

In this case study, you’ll learn how the client gained access to scalable, dependable cybersecurity remediation management, delivering actionable results across all global entities.​

The problem​

Centralised, complicated scanning data was overwhelming for local teams.​​

The customer was already running pentests and working with scanning engines in a top-down way — fully controlled from HQ. Their existing tools gave highly complex and granular data. With this overwhelming amount of difficult-to-digest data, they had no efficient way to manage vulnerabilities in a distributed way. They also had no clear measurement of how safe the company was — or how they were improving (or worsening!) over time.​

Their cybersecurity reports lacked any prioritization or remediation strategy. There were only a few security experts who could interpret and act on these reports. When they forwarded reports to IT Operations stakeholders in subsidiaries — many of them non-cybersecurity experts — these team members didn’t know where to focus efforts.​

When Autobahn Security started working with the bank in 2021, many critical vulnerabilities remained exposed.​

This photo has a black background and lists down two columns; one titled challenges and the other titles solutions. it shows 3 challenges that a multinational bank came across, and 3 solutions provided by AB that helped improve their hackability rating.

The solution

Cluster & prioritize these issues into actionable steps fixing root causes

Working with Autobahn Security, the bank were able to start prioritizing their remediation, with dashboards showing them which exposures mattered the most — and which posed negligible risk. ​
Daily Cyber Fitness Workouts gave their IT teams actionable steps that would drastically and immediately reduce their risk of cyber attacks. Since these workouts are designed to be approachable, even non-cybersecurity experts could follow them — reducing their reliance on the bottlenecked, centralised remediation workflows that had frustrated their security teams.​

A figure showing the steps of how Autobahn Security catagorieses vulnerabilities based on potential business impact, then calculates the hackability score per vulnerability, afterwards aggregates the individual results to calculate absolute Hackability, and at the end, it normalises the score by benchmarking to industry peers

Autobahn Security’s simple steps to improving Hackability

With Autobahn Security’s remediation prioritization and hackability tracking, the bank reduced their Hackability Score by 50% in 10 months.​​

The Autobahn Security platform gave a clear metric to measure and track cybersecurity progress. With our Hackability Score, they had an ongoing KPI — and a framework for understanding and assessing overall risk. ​

Figure shows how 964,024 vulnerabilities were discovered through scan engine, then they were eliminated, enriches and reclassified by Autobahn Security, and then mapped into 79 cyber fitness workouts. The Top 4 Cyber Fitness Workouts alone reduced the Hackability Score By approx. 24% The Top 10 Cyber Fitness Workouts overall reduced Hackability Score by approximately 46%.

964,024 vulnerabilities discovered through scan engine and turned into simple Cyber Fitness Workouts

The results

After incorporating Autobahn Security into their global cybersecurity infrastructure, all subsidiaries now got reports specifically designed for them. These reports include a list of all vulnerabilities detected — prioritized and labelled by severity — so teams can see what requires immediate action. Daily patching exercises mean remediations happen fast and security teams are no longer a bottleneck.

One piece of feedback stands out in particular: one subsidiary had ongoing problems with legacy equipment that had caused issues for months. After going live with Autobahn Security’s platform, they were able to quantifiably demonstrate to the country’s management team exactly how much this outdated equipment was impacting security.

This gave management the push they needed to update their systems — reducing the country’s hackability by 30% in just two weeks.

The entire company has adopted a Cyber Fitness Workout mindset — doing their daily Cyber Fitness Workouts to build Cyber-fitness over time. When they find new issues, they can quickly and agilely respond, using the Cyber Fitness Workout guides that Autobahn Security provides.

This is resulting in a renewed focus on maintain healthy infrastructure, as well as providing a single KPI they can use to report their progress to key stakeholders.

After one year of working with Autobahn Security, they are now ranking in the top quartile of their peers in the region.

