Can Fast Food be Bad For Cybersecurity?

Posted by UpGuard

Is Fast Food Bad for Cybersecurity?

No, we aren't talking about your burger-inhaling operator passing out on the job, leaving your precious IT assets unattended. You've probably guessed that we're referring to the latest Wendy's data breach announcement: on June 9th, the international fast food chain disclosed that its January 2016 security compromise was, in fact, a lot worse than originally stated—potentially eclipsing the Home Depot and Target data breaches.

As it turns out, the actual number of affected franchises is considerably higher than 5 percent—the original figure announced—though Wendy's has yet to disclose exactly how many. Joined by multiple credit unions and banks, ex-Wendy's fans are putting their square burgers down and consolidating multiple class action lawsuits against the world's third largest hamburger fast food chain. And it gets beefier: credit unions are reporting volumes of Wendy's-related fraud incidents that outnumber those of Home Depot and Target.

Wendy's is just the latest casualty in a stream of high profile compromises involving point-of-sale (PoS) skimmers and RAM-scraping malware. Unfortunately, many of these systems are breached by exploiting easy-to-remediate security flaws like unpatched/outdated software and misconfigurations. It's hard to predict how many leading fast food chains are vulnerable, since most individual restaurants are independently owned and operated, but analyzing their respective brands' resilience postures may help reveal security flaws downstream.


McDonald's: 385

The undisputed king of fast food chains scores low in the cyber risk department, especially when it comes to email and website perimeter security risks: lack of sitewide SSL, DMARC, and DNSSEC, to name a few. 


Burger King: 352

It may only be a matter of time before cyber attackers have it their way with this global fast food chain. A low CEO approval rating coupled with email and website perimeter security gaps makes for a weak resilience posture.


In-N-Out Burger: 266

No discussion about burger franchises would be complete without West Coast favorite In-N-Out Burger. Unfortunately, the popular chain earns a low CSTAR score of 266—mostly due to existing email and website security risks.


Top-down Security Patterns

Of course, fast food comes in all forms, not just burgers and fries. As it turns out, KFC, Taco Bell, and Pizza Hut—arguably the three biggest non-hamburger fast food brands—belong to the same parent corporation, Yum!, Inc., formerly Tricon Global Restaurants, Inc. Let's take a look at how they measure in terms of their CSTAR ratings.

KFC: 642

Though it scores higher than the aforementioned three, the world's second largest fast food chain possesses various website perimeter security risks and a poor CEO approval rating to boot.


Taco Bell: 633

Taco Bell also falls within the average range when it comes to its CSTAR rating—again, scoring better than its hamburger counterparts, but clearly not thinking outside the bun security-wise. 


Pizza Hut: 867

Pizza Hut—also owned by Yum!—scores high marks when it comes to its CSTAR rating. This should come as a relief to football fans, as the pizza chain sold a record-breaking $12 million in food through digital platforms on Super Bowl Sunday.


Fixing Rampant PoS Flaws  

Staying on top of vulnerabilities in a PoS-based retail infrastructure requires a multitude of vigilant measures, such as continuously detecting system and software vulnerabilities and keeping up with updates and patches. Remote administration utilities like pcAnywhere and similar remote desktop tools are commonly used as entry points for attackers and should be removed from externally-facing systems. Last but not least, effective integrity monitoring ensures that critical files and configurations on PoS machines and supporting systems are always in a secure state. UpGuard provides these capabilities and more in a continuous security platform that monitors and validates your entire infrastructure.

So, can fast food be bad for cybersecurity? The answer is a resounding yes, but so is filling up at the gas station, checking out at the grocery store, getting cash at the ATM, and just about any other digital transaction transpiring on a daily basis. UpGuard's resilience platform ensures that all critical systems used in handling customer data—including PoS systems—are free from vulnerabilities and security gaps that could lead to data breaches.
