No, we aren't talking about your burger-inhaling operator passing out on the job, leaving your precious IT assets unattended. You've probably guessed that we're referring to the latest Wendy's data breach announcement: on June 9th, the international fast food chain disclosed that its January 2016 security compromise was, in fact, a lot worse than originally stated—potentially eclipsing the Home Depot and Target data breaches.
As it turns out, the actual number of affected franchises is considerably higher than 5 percent—the original figure announced—though Wendy's has yet to disclose exactly how much. Joined by multiple credit unions and banks, Ex-Wendy's fans are putting their square burgers down and consolidating multiple class action lawsuits against the world's third largest hamburger fast food chain. And it gets beefier: credit unions are reporting volumes of Wendy's-related fraud incidents that outnumber those of Home Depot and Target.
Wendy's is just the latest casualty in a stream of high profile compromises involving point-of-sale (PoS) skimmers and RAM-scraping malware. Unfortunately, many of these systems are breached by exploiting easy-to-remediate security flaws like unpatched/outdated software and misconfigurations. It's hard to predict how many leading fast food chains are vulnerable, since most individual restaurants are independently owned and operated, but analyzing their respective brands' resilience postures may help reveal security flaws downstream.
The undisputed king of fast food chains scores low in the cyber risk department, especially when it comes to email and website perimeter security risks: lack of sitewide SSL, DMARC, and DNSSEC, to name a few.
Burger King: 352
It's may only be a matter of time before cyber attackers have it their way with this global fast food chain. A low CEO approval rating coupled with email and website perimeter security gaps make for a weak resilience posture.
In-N-Out Burger: 266
No discussion about burger franchises would be complete without West Coast favorite In-N-Out burger. Unfortunately, the popular chain scores a low CSTAR score of 266—mostly due to existing email and website security risks.
Top-down Security Patterns
Of course, fast food comes in all forms, not just burgers and fries. As it turns out, KFC, Taco Bell, and Pizza Hut—arguably the three biggest non-hamburger fast food brands—belong to the same parent corporation, Yum!, Inc., formerly Tricon Global Restaurants, Inc. Let's take a look at how they measure in terms of their CSTAR ratings.
Though it scores higher than the aforementioned three, the world's second largest fast food chain possesses various website perimeter security risks and a poor CEO approval rating to boot.
Taco Bell: 633
Taco Bell also falls within the average range when it comes to its CSTAR rating—again, scoring better than its hamburger counterparts, but clearly not thinking outside the bun security-wise.
Pizza Hut: 867
Pizza Hut—also owned by Yum!—scores high marks when it comes to its CSTAR rating. This should come as a relief to football fans, as the pizza chain sold a record-breaking $12 million in food through digital platforms on Super Bowl Sunday.
A few days ago, Taiwanese computer manufacturer Acer disclosed that "a flaw" in their online store allowed hackers to retrieve almost 35,000 credit card numbers, including security codes, and other personal information. How secure are these digital outlet stores, and what are the chances that if you use them you'll end up like Acer's customers?
Fixing Rampant PoS Flaws
Staying on top of vulnerabilities in a PoS-based retail infrastructure requires a multitude of vigilant measures such as continuously detecting system/software vulnerabilities and staying on top of updates and patches. Remote administration utilities like pcAnywhere and similar remote desktop tools are commonly used as entry points for attackers and should be removed from externally-facing systems. Last but not least, effective integrity monitoring ensures that critical files and configurations to PoS machines and supporting systems are always in a secure state. UpGuard provides these capabilities and more in a continuous security platform that monitors and validates your entire infrastructure.
So, can fast food be bad for cybersecurity? The answer is a resounding yes—but so is filling up at the gas station, checking out at the grocery store, getting cash at the ATM, and just about any other digital transaction transpiring on a daily basis. UpGuard's resilience platform ensures that all critical systems used in handling customer data—including PoS systems—are free from vulnerabilities and security gaps that could lead to data breaches.
Inside Microsoft’s Open Source And DevOps Initiatives For The Enterprise UpGuard 101: Verifying Windows Groups Top Retailers Who Should Know Better
If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself.
Read Article >
You’ve spent months with your team designing your company’s security strategy-- you’ve demoed and chosen vendors, spent money, and assured your users that this investment will pay off by keeping their business safe.
Read Article >
The following is a list of 11 online retailers who really should know better when it comes to security.
Read Article >