Cyber-security
Culina Group case study: cyber-security that delivers
How Culina Group is securing its future of business with BT’s Security Advisory Services.
June 12, 2023
5 minutes
Cyber-security
Culina Group case study: cyber-security that delivers
How Culina Group is securing its future of business with BT’s Security Advisory Services.
June 12, 2023
5 minutes
Following a period of acquisitional growth Culina needed to evaluate their cyber-security landscape and processes.
BT’s Security Advisory Services provided an independent review of existing security measures, recommending a framework to protect the current and future growth of Culina.
New frameworks are to be put in place, making sure that the business can continue to grow through acquisitions without increasing the cyber-security risk.
In the last year, 72% of large UK businesses faced cyber breaches. As a company that deals with 2.2 million orders per year, Culina Group wanted to minimise the risk of a severe cyber breach happening to its business.
The company depends on its IT and operational technology for every aspect of the business. So, it’s essential that its cyber-security is robust enough to shield these systems from the increased risk that comes with hybrid working and evolving threats.
A cyber attack on Culina Group would have big consequences, not just for the organisation itself, but for the overall supply chain too.
The challenge
Culina Group has grown significantly over recent years, following several acquisitions. Each addition brought its own culture and new ways of doing things. And while this kept the business growing and evolving, it quickly changed the threat landscape. Culina Group found itself looking with limited visibility across the entire digital estate. And this made it potentially vulnerable to cyber-attacks.
Cyber-security was under the remit of the internal IT team. But as the business grew, finding the resources to keep on top of new threats and keep up with the number of acquisitions became more of a challenge. The team was up against a skills shortage; a well-known problem for organisations across the globe as the demand for skilled security professionals outstrips supply.
The team wanted to get a better understanding of the current cyber-security situation. They needed an independent assessment that they could present to senior execs, showing the security posture of each brand. This would be the first step to strengthening their defences and standardising measures across the various businesses within the group. So, they turned to us to get that independent view.
Strong cyber security means everything to our business. Any impact on the confidentiality, integrity or availability of our systems and data is felt very keenly.
The solution
The first step was to build an understanding of Culina Group’s existing network setup. Our Security Advisory Services team ran a series of interviews across the seven biggest sub-brands for Culina Group, to understand the controls that were in place and assess the risks.
This resulted in a detailed report that outlined how robust the existing security measures were, along with a 13-step programme of recommendations to improve them.
This process took about a month, during which time the Culina Group team was able to focus on other business priorities. This enabled them to utilise resources and budget in the most effective way while knowing we were building them a prioritised list of actions.
The report provided the evidence needed to get commitment and investment from the board to prioritise cyber security. The assessment also gave the new CIO, a detailed overview of the cyber security landscape of the business.
To help set the programme in motion, the CIO engaged us for additional consultancy. We shaped the security roadmap around business priorities, ambitions, and current resourcing, using the best tools available from a variety of security vendors.
Moving forward, cyber security is now an important priority when it comes to Culina Group’s acquisition process. Our recommendations have provided a framework to ensure that they’re not putting their business at risk.
If a risk is identified from an acquisition, the business can be quarantined in a separate part of the network until any issues have been resolved and cyber security brought up to standard.
Thanks to BT Security, we have quick visibility of all different businesses’ levels of compliance with the Centre for Internet Security (CIS) controls framework. This has been instrumental in helping us develop a fact-based information security improvement strategy.
The result
The security health check has given the Culina Group team an actionable programme, allowing them to focus their efforts where it matters most. They also have continued access to our dedicated cyber-security experts, ready to provide independent advice and recommendations for staying protected from end to end.
We’re vendor agnostic, partnering with best-in-class providers with the expert knowledge of our in-house security specialists, which means we can recommend the best solutions for the unique challenges facing Culina Group.
All of this means the team at Culina Grouphase has taken a big step towards securing their organisation for the future of work. The current security landscape has been improved, thanks to our 13-step programme of priorities.
This process has allowed new frameworks to be put in place, making sure that the business can continue to grow through acquisitions, without increasing the cyber security risk.
BT’s insight has helped us identify a prioritised list of improvement actions, as well as focus resources to help us make the business more secure and robust – now and into the future.
