Leading Hospitality Organisation Strengthens Business Resilience

Established for over 30 years, our customer operates over 400 restaurants, pubs and concessions throughout the UK, including some of the UK’s best-known brands. Over the last three years, they have experienced significant growth, driven by acquisitions, strategic partnerships, and expansion into new markets, with an increased focus on enhancing their customer’s experience. 

Assessing Infrastructure and Threat Response 

Like many organisations, our customer experienced operational complexities of maintaining a flexible business model across a diverse range of offices and branches and wanted to ensure its operational resilience to cyber attacks was clearly understood. They also wanted to have complete confidence in their technical detect and response functions to ensure protection was in place against a cyber attack. Inclusive of these challenges, they fundamentally wanted to:  

• Understand the cyber posture and hygiene of existing infrastructural foundations against ‘known good state’ operating models. 
• Ensure that the organisations operational resilience to cyber-attacks was clearly understood 
• Have confidence that the businesses technical detect and response functions could protect against attack. 

A Three-Month Strategic Maturity Program 

Enhancing our customer’s cyber security resilience involved a three-month consultancy project focusing on assessing infrastructure, implementing attack-based assurance testing, and developing an effective incident response framework. The Maturity Program included: 

An Assessment of cyber control posture and hygiene – The top priority was to assess the organisation’s existing infrastructure and cyber security posture against known good state operating models, specifically the configurations and hygiene position of User Endpoints, Servers, Active Directory, M365 and Azure.   

A Program of Attack-Based Assurance Testing – The customer required evidence of the ‘as is’ cyber controls’ ability to protect against increasing levels of attacker capability, and details how to improve cyber operations. The Acora team identified the Mitre ATT&CK techniques to which the estate was being subjected to and undertook active attack tactics to emulate multiple levels of attacker competence from inside and outside the estate – starting with those techniques, which, if successful, would result in embarrassment. They then increased the complexity of testing to evidence the business impact of an attacker in multiple ‘assumed breach’ scenarios. 

Incidence Response Planning – Our customer wanted to rapidly improve the operational Cyber Incident Response (IR) maturity to ensure a timely and appropriate response should a notable cyber incident occur. Together, we built and delivered a customised, end-to-end Incident Response Framework, guided by Acora’s wisdom of managing over 300+ live incidents. 

Attack Informs Defence 

Having adopted an ‘Attack Informs Defence’ model, our customer can now evidence a clear and prioritised view of the potential impact of an attack. 

In addition, should a notable cyber incident be experienced, there is now a fully operational Incident Response Plan in place, including continued support from Acora, to rapidly reduce the impact on the business. 

A Transformative Journey  

Evidence from this program of activity has transformed the organisations understanding of their cyber security posture and capabilities.  Insights gathered act as a source of reassurance for the business leaders, allowing them to gain clarity on strategic priorities and how these fit alongside the overarching goal of protecting the business. 

Acora look forward to developing the partnership in the years ahead, further supporting our customer to remain confident in their cyber resiliency against cyber attacks.