Cyber Resilience Challenge: Coke vs Pepsi

Updated on July 4, 2018 by UpGuard

 

Few corporate rivalries are as legendary as these two enterprise contenders; admittedly, there have been more than a fair share of comparisons pitting the pair against each other over the last century. So we're offering a twist to the traditional cola challenge: how do Pepsi and Coke stack up in terms of cyber resilience? Read more to find out. 

Like many dominant brands, Pepsi and Coke each comprise a myriad of popular offerings that span the globe. For example, Coca-Cola also owns Sprite, Fanta, DASANI, and Minute Maid; similarly, PepsiCo owns Mountain Dew, Gatorade, Aquafina, and Lipton, to name a few. Keep in mind that each has its own website with varying levels of cyber resilience; for this comparison, we'll focus solely on the flagship brands, Coke and Pepsi.

 

As they undergo digital transformation to provide more diverse, competitively-priced products and services, Coke and Pepsi—as well as other global enterprises—have also assumed varying amounts of digital risk. What do their CSTAR scores reveal about their cyber resilience postures and security fitness?

 

Coke

Coca-Cola's most recent security incident in 2014 involved a data breach of 74,000 employee records—employee social security numbers, driver's license numbers, financial data, and other information were exposed after a disgruntled employee stole dozens of laptops. 

[Image: CSTAR - Coke]

Coke's low CSTAR score of 428 is a result of a myriad of flaws present in its website perimeter security, namely lack of sitewide SSL, lack of HTTP strict transport security, server information leakage, and disabled DMARC/DNSSEC.

 

Pepsi

Pepsi made cybersecurity news headlines back in 2008 when a missing storage device resulted in the exposure of employee data. Since then, however, the company has managed to steer clear of major cybersecurity incidents.


Like Coke, Pepsi's low CSTAR score of 475 reflects several critical security gaps in its website security posture, including lack of sitewide SSL, disabled HTTP strict transport security, and missing DMARC/DNSSEC/SPF.

 

Side-by-Side CSTAR Scoring: Coke vs. Pepsi

When it comes to enterprise cyber resilience, the world's two largest beverage vendors suffer from similar website perimeter security issues, such as lack of DMARC/DNSSEC and missing HTTP strict transport security. A lack of sitewide SSL on both companies' websites could lead to a man-in-the-middle (MitM) attack.
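The findings named above (sitewide HTTPS, HSTS, server information leakage, SPF and DMARC) can be read off a site's response headers and DNS TXT records. The following is an added example, not UpGuard's CSTAR scoring logic: the function name, finding codes and sample data are constructed for illustration, and DNSSEC is left out because it needs a validating resolver query rather than a record lookup.

```python
import re

def audit_perimeter(scheme, headers, txt):
    """Return sorted finding codes for one site.

    scheme: "http" or "https" of the final response after redirects
    headers: response headers as a dict
    txt: DNS TXT records, {"@": [...apex...], "_dmarc": [...]}
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = set()

    # Browsers ignore an HSTS header delivered over plain HTTP, so it only
    # counts when the response itself arrived over HTTPS.
    if scheme != "https":
        findings.update({"no-https", "hsts-missing"})
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)',
                      h.get("strict-transport-security", ""), re.I)
        if m is None:
            findings.add("hsts-missing")
        elif int(m.group(1)) == 0:
            findings.add("hsts-disabled")  # max-age=0 drops the policy

    # A bare product name is low value; a version string is the leak.
    for name in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.add("server-version-leak")

    # Exactly one v=spf1 record is valid; several cause a permerror (RFC 7208).
    spf = [r for r in txt.get("@", []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.add("spf-missing-or-duplicated")

    dmarc = [r for r in txt.get("_dmarc", []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.add("dmarc-missing")
    else:
        pairs = (t.split("=", 1) for t in dmarc[0].split(";") if "=" in t)
        tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
        if tags.get("p", "none") == "none":  # p=none only monitors
            findings.add("dmarc-not-enforced")
    return sorted(findings)

# Constructed sample data (example.com), not measurements of any real site.
WEAK = ("http", {"Server": "Apache/2.4.29 (Ubuntu)"},
        {"@": ["site-verification=abc"], "_dmarc": []})
HARDENED = ("https",
            {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
             "Server": "nginx"},
            {"@": ["v=spf1 include:_spf.example.com -all"],
             "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]})
```

To run it against a live site you control, feed it the headers of the final HTTPS response and the TXT records for the apex and `_dmarc` names.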

[Images: CSTAR scoring screenshots for Coke and Pepsi]

 

Curious about how well your favorite brands perform when it comes to critical measures of cyber resilience and security fitness? Try out our free CSTAR Chrome Extension or sign up for an in-depth customized demo of UpGuard's cyber resilience platform today.