How MOBIA Helped a Leading Canadian Fast Food Franchise Build a Foundation of Cybersecurity and Maintain a Streak of Zero Breaches

Use Case Details
Canadian Fast Food Franchise

Key Challenges

With the rapid advancement in technology and digital transformation in recent years, IT became a strategic priority for our client, a leading Canadian fast food franchise. To secure strategic IT initiatives and protect its brand reputation, the company established an internal cybersecurity team. Faced with the challenging tasks of building a foundation for cybersecurity, streamlining its processes, and securing a new loyalty program and mobile application, the small team needed help.

Key Results

Initially engaging MOBIA on small initiatives, the fast food franchise’s cybersecurity team quickly came to see MOBIA as a valuable partner. Over two years, MOBIA has helped the company improve its security controls and maintain a streak of zero security incidents resulting in lost revenue or downtime.
Client profile
Client
Leading Canadian fast food franchise
Industry
Restaurant
Project Scope
Security governance, penetration testing, supply chain security, loyalty program and application security
Locations
1,000+ across Canada
Background

Background

With more than 1,000 locations from Vancouver to Newfoundland, MOBIA’s client has become an iconic Canadian brand with a rich history. But supporting a growing number of franchise locations in a rapidly evolving market looks different than it did when the company’s first restaurant opened its doors in the 1950s and the company owes its continued success, in part, to its ability to adapt.

Today, IT represents a strategic priority for the popular franchise and, in response to the rise in cyberthreats and emerging trends in the field, it established an internal cybersecurity team. Aware that his lean team would need support, the company’s Director of Technology Security and Infrastructure, engaged MOBIA.

Objectives

Objectives

Early on, the cybersecurity team identified that with a sprawling network of vendors and suppliers, it would be difficult to develop a clear picture of the company’s risk landscape. In IT alone, the franchise relied on 21 vendors. Without a complete understanding of exposure, the security team couldn’t effectively secure the franchise’s operations. Doing it efficiently was out of the question.

The IT team was also working on building an app to enable convenient mobile ordering at launch. Eventually, the app would be updated with a loyalty program. With high-profile loyalty program breaches making headlines, securing the app to protect the brand and its customers is critical to the success of the program.

Solution

Solution


As the cybersecurity team began to unravel the web of vendors and suppliers, they engaged MOBIA on several smaller initiatives. The expertise the MOBIA team brought to these smaller projects proved to be invaluable and working with them was easy. “We worked with other partners where everything felt like a negotiation and where there were a lot of gotchas,” said the Director of Technology Security and Infrastructure. “MOBIA is much more flexible and easier to work with. They feel like much more of a partner.” 

MOBIA quickly became the team’s primary cybersecurity partner, helping the franchise build a solid foundation to secure future strategic initiatives.  

Developing a clear picture of the threat landscape with a risk register

For the popular fast food franchise’s cybersecurity team, understanding its cybersecurity risk was a critical step in safeguarding the organization from threats and data breaches. Without this holistic view, the team wouldn’t be able to prioritize security initiatives, take proactive steps to mitigate risks, or streamline security practices.

With help from MOBIA, the team built a comprehensive risk register, cataloging every potential security risk. More than executional support, the cybersecurity experts at MOBIA were instrumental in identifying and quantifying the risk each vendor, system, and application introduced into the environment. For instance, they discovered that an internet service provider had deployed misconfigured routers to approximately 15 restaurant locations, opening them up to attacks.

Addressing threats systematically with security governance

As the company continued to improve its security posture, it leaned on MOBIA’s team for support and expertise to develop a structured approach to managing cybersecurity risk tailored to its goals and environment. Laying a foundation of security governance, the MOBIA team drew on its expertise with NIST and CIS frameworks to advise on policies and processes to defend against cyberthreats. 

As part of this governance work, MOBIA led the company through a series of penetration tests, analyzing gaps in disaster response and recovery and recommending ways to close them. 

As a result of this governance work, the popular fast food franchise has put more CIS V8 controls in place, achieving a double digit percentage increase in implemented controls over just one year.

Improving efficiency with streamlined supply chain security

By cataloging vulnerabilities and quantifying the risk vendors and suppliers introduced in its environment, the iconic franchise had taken a big step to streamline its supply chain cybersecurity. Next, its team worked with MOBIA to build a set of best practices and guardrails to help franchise locations protect themselves from vulnerabilities. With documented guidance for franchises to follow, the security team took another important step towards streamlining supply chain security.

Securing the brand loyalty program with a shift left approach

With the launch of its app, the brand made it easy for customers to place mobile orders. Next, its technology team turned its attention to integrating a loyalty program into the successful application. Recognizing that security is paramount for any system that handles customer data, the cybersecurity team engaged MOBIA to secure the app’s loyalty program functionality. With a deep understanding of the benefits of using a shift left approach, MOBIA has worked with the development team to secure the new app features as they’re developed. By building in security during development, the teams working on the application and loyalty program can identify flaws early and fix them faster, speeding launch and ensuring the application code remains streamlined.

Benefits

Benefits

a double digit in the percentage of implemented CIS V8 controls
a clear view of the threat landscape
efficient cybersecurity processes
0 security incidents leading to lost revenue or downtime
Outcome

Outcome

Over the course of two short years, this popular franchise has improved its security posture significantly with MOBIA’s support and expertise. With a clear picture of its risk landscape and a solid foundation of governance, the company has developed a comprehensive and systematic approach to security and addressing supply chain risk. In addition, these changes have helped the cybersecurity team implement more CIS V8 controls, improving the company’s overall security posture. 

There’s another notable benefit to these changes: reducing the time it takes the cybersecurity team to prepare for annual audits. The Director of Technology Security and Infrastructure estimates that he and one other member of his team would invest a week preparing documentation for auditors. Today, they’re able to provide governance and security posture documentation to meet auditor’s needs quickly and with minimal effort. 

With a more focused approach to cybersecurity, the franchise has been able to integrate cybersecurity into its new loyalty program mobile app features as they’re being developed. This ensures development is efficient and that security is built into the core of the application. 

Looking at the work the franchise’s cybersecurity team has done together with MOBIA from a high-level strategic perspective, the Director of Technology Security and Infrastructure had this to say, “Our work with MOBIA doesn’t help us sell more burgers, but we have a goal of zero cybersecurity incidents that lead to lost revenue or downtime, and I believe that work has contributed to achieving this goal so far.”

The future of cybersecurity for the franchise

The future of cybersecurity for the franchise


In a highly competitive industry like fast food, responding to changes in the market and your customer’s needs requires constant evolution. In turn, being able to evolve successfully relies on a solid foundation. With MOBIA’s help, this popular Canadian franchise’s cybersecurity team continues to refine that foundation, protecting the brand and its customers from cyberthreats. The cybersecurity team will continue to focus its efforts on meeting more of the CIS V8 controls. As the company rolls out the new loyalty features within its mobile application, the team will monitor security with support from MOBIA to ensure its locations and customers are protected.

PRoblem
This is some text inside of a div block.
solution
This is some text inside of a div block.
Outcome
This is some text inside of a div block.
Download the success story
Download the success story
Contact Us
Show More
Close
"Our work with MOBIA doesn’t help us sell more burgers, but we have a goal of zero cybersecurity incidents that lead to lost revenue or downtime and I believe it has contributed to achieving this goal so far.”
Director of Technology Security and Infrastructure
Leading Canadian Fast Food Franchise
Industry:
Restaurant
Solution:
Risk register, Governance and penetration testing, Streamlined supply chain security, Securing the new mobile app features