As a real-estate company, Meier Real Estate AG manages thousands of sensitive data records – unfortunately, it has been the target of scamming attempts. With Cyber-Risk Discovery, the SME gained transparency over external cyber risks and was able to take targeted measures. 

Customer 

Meier Real Estate AG* is an established real-estate agency with its headquarters in Zurich. Around 80 employees at four locations manage a broad portfolio of rental and sale properties and handle thousands of sensitive data records every day. This includes rental and purchase agreements, financial information, identity documents and customers’ personal data. The IT landscape comprises a central ERP solution that maps all commercial processes, plus cloud applications for collaboration, business email accounts and various interfaces to external service providers. The systems are managed by a small internal IT department that doesn’t have any in-depth cybersecurity expertise.

Initial situation 

With the increasing digitisation of business processes, dependence on digital systems also has grown. Contracts are now processed digitally, customer details are stored in cloud applications and the majority of communication takes place via email and other digital channels. At the same time, the industry has increasingly become the target of cyber criminals in recent years. And Meier Real Estate hasn’t escaped either. There have been a number of fake domains, purportedly acting on behalf of the company. These were used to persuade customers to transfer fake rental deposits. Although the company managed to prevent any damage in these cases, it lost confidence in its own security situation. 

Management recognised that the company was facing a significant risk. In addition to the potential damage to its reputation, there was also the threat of legal consequences. The situation was challenging for the IT department: On the one hand, there was no overall view of the external attack surface, and on the other hand, the small team was unable to carry out in-depth analysis. There was a risk that sensitive data could be compromised or regulatory requirements couldn’t be met.

Why Cyber-Risk Discovery from Sunrise Business? 

Meier Real Estate was looking for a solution that would deliver a quick overview without straining internal resources. Cyber-Risk Discovery offered exactly that: advanced AI-powered analysis that examines externally visible systems, domains and cloud services and reveals when data has fallen into the wrong hands. A particularly attractive feature was the direct access to the analysis results via the platform. Instead of waiting for abstract reports, the IT department could see at any time which risks had been detected, how they were prioritised and which measures were being recommended. 

The management appreciated the approach that involved uncovering cyber risks which an attacker would detect. This was intended to identify vulnerabilities before cyber criminals could exploit them. At the same time, Cyber-Risk Discovery promised predictable costs: a one-time annual fee, including a second analysis after a few months to confirm the effectiveness of the measures.

Solution and collaboration 

Getting started was easy. Sunrise Business set up the customer profile for the AI-powered analytics platform from ImmuniWeb. Within a few days, the initial analysis was completed – and it identified a number of vulnerabilities needing immediate action. These included expired SSL certificates that compromised encrypted data transmission and stolen email details circulating on the dark web. In addition, configuration errors were discovered in a cloud application that could have allowed unauthorised access to internal information. 

It was particularly helpful that the platform not only listed the results, but also sorted them according to their urgency and recommended specific steps for action. As a result, the IT team was able to address the most pressing risks immediately. Thanks to the integrated 24/7 support, a team of experts was also on hand to answer specific questions. The real-estate company’s team used this service for help in configuring multi-factor authentication and implementing best practices for managing cloud permissions.

The result 

After just a few weeks, Meier Real Estate had closed significant vulnerabilities. Certificates were renewed, multi-factor authentication was introduced and cloud permissions were reorganised. The transparency that the company gained through the platform was particularly valuable. Instead of operating in the dark, the IT department now knew exactly what cyber risks existed and which measures offered the greatest positive impact. 

After four months, the reassessment confirmed that the most important measures had been implemented successfully. The documented efficiency gain was particularly valuable: the company managed to reduce its risk-management and compliance preparation efforts by around 50%, because the platform set priorities and made all certificates centrally available. At the same time, the second analysis showed that new threats could continue to arise, for example, from newly registered fake domains. This insight helped raise awareness of cybersecurity within the company for the long term. Today, Meier Real Estate considers itself better equipped to respond to new cyber threats and has established clear processes to monitor cyber threats and take countermeasures in good time, thereby ensuring that a cyber attack doesn’t occur in the first place.  

It was particularly important to management that the solution didn’t just highlight risks, but also delivered a clear business benefit. Compliance risks were reduced, audits were carried out more efficiently and customer trust was strengthened. Instead of needing to commission expensive external consultants, the agency can now achieve a high level of security at a manageable cost.

Benefits 

• Transparency across the entire external attack surface 

• Access to an analytics platform with clear cyber-risk prioritisation 

• Specific recommendations for action, and easy to implement, even for small IT teams 

• Detection of critical IT vulnerabilities such as stolen access data, faulty cloud configurations and expired certificates 

• 24/7 expert support for practical assistance with any questions 

• Reassessment by means of a second analysis to prove that security vulnerabilities have been closed permanently 

• Reduced compliance risks and simpler audit preparation 

• Increased trust from customers and business partners

*This practical example of Meier Real Estate AG is fictitious. However, the experiences outlined are of great relevance to many SMEs.