Overview

This company is a globally recognized logistics and freight forwarding company. For over 40 years, the company has supported organizations worldwide in various industries. This Fortune 300 enterprise offers supply chain optimization, unique systems for customs and compliance, transportation, and warehousing and distribution services. At its core, the company offers full-scale logistics and SaaS solutions for organizations of all sizes. Additionally, the company has expanded its portfolio with three large subsidiaries. 

Challenges

Assess Cyber Risk Posture Post-Breach  |  Little Cyber Risk Visibility  |  Uninformed Assessment Strategy

In 2022, the company suffered from a ransomware attack that shut down the company’s systems globally for three weeks and cost the organization $52 million in damages. Following the attack, the company had limited access to conduct operations, leading to a global domino effect of halted business processes as a logistics organization. This incurred a slew of top-down changes, including a new risk-oriented CISO and increased interest and support from executive leadership in cybersecurity. Leaders at the company were looking for a cybersecurity solution that would ensure proactive risk management and help mature their cybersecurity strategy to prevent future risks from materializing. 

Solution

Enterprise-Grade Visibility  |  Quantified Cyber Risk from the Top-Down  |  Informed Assessment & Remediation Strategy 

With an impetus to establish a new cybersecurity program from leadership, the company has many cybersecurity, starting with replacing its risk register process. Previously, the company had a manual risk register in spreadsheets that was not quantifiable or reflective of the current risk posture. The security team struggled to tie it to risk insights and leverage for reporting. Since the register was not quantifiable, the security team was limited in using the risk register to inform their cyber risk process. With CyberStrong, the company can centralize its approach through a NIST 800-30 risk register to identify and track risks and impacts in an easy-to-use and updated repository. Aiming to do more with their risk insights, the company will leverage CyberSaint’s exclusive cyber risk presets powered by the largest cyber loss dataset in the world to map threats to MITRE TTPs. By doing so, the company can also map the TTPs to controls and accurately prioritize risk efforts. To further mature their process, the company will standardize on NIST SP 800-171, the NIST CSF, and CMMC. With these core frameworks guiding their assessment process, the company will also use CyberSaint’s automated crosswalking function to map controls from one framework to another to discern control gaps. 

Using CyberSaint’s advanced automation for assessments, risk quantification, remediation, and crosswalking, the company can leverage this flexible solution to enhance decision-making, allocate resources efficiently, and prioritize risk strategies. With multiple risk models available, the company security team can tie risk data to controls to evaluate control and posture changes in near real-time. The company can confidently rebuild its cyber risk management program with a scalable solution that empowers the CISO with reportable and data-backed actionable insights for leadership discussions.