Few corporate rivalries are as legendary as these two enterprise contenders; admittedly, there have been more than a fair share of comparisons pitting the pair against each other over the last century. So we're offering a twist to the traditional cola challenge: how do Pepsi and Coke stack up in terms of cyber resilience? Read more to find out.
Like many dominant brands, Pepsi and Coke are also composed of a myriad of popular offerings that span the globe. For example, Coca-Cola also owns Sprite, Fanta, DASANI, and Minute Maid; similarly, PepsiCo owns Mountain Dew, Gatorade, Aquafina, and Lipton, to name a few. Keep in mind that each has its own website with varying levels of cyber resilience—for this comparison, we'll focus solely on the flagship brands, Coke and Pepsi.
As they undergo digital transformation to provide more diverse, competitively-priced products and services, Coke and Pepsi—as well as other global enterprises—have also assumed varying amounts of digital risk. What do their CSTAR scores reveal about their cyber resilience postures and security fitness?
Coca-Cola's most recent security incident in 2014 involved a data breach of 74,000 employee records—employee social security numbers, driver's license numbers, financial data, and other information were exposed after a disgruntled employee stole dozens of laptops.
Coke's low CSTAR score of 428 is a result of a myriad of flaws present in its website perimeter security, namely lack of sitewide SSL, lack of HTTP strict transport security, server information leakage, and disabled DMARC/DNSSEC.
Pepsi made cybersecurity news headlines back in 2008 when a missing storage device resulted in the exposure of employee data. Since then, however, the company has managed to steer clear of major cybersecurity incidents.
Like Coke's, Pepsi's low CSTAR score of 475 reflects several critical security gaps in its website security posture, including lack of sitewide SSL, disabled HTTP strict transport security, and missing DMARC/DNSSEC/SPF.
Side-by-Side CSTAR Scoring: Coke vs. Pepsi
When it comes to enterprise cyber resilience, the world's two largest beverage vendors suffer from similar website perimeter security issues, such as lack of DMARC/DNSSEC and missing HTTP strict transport security. A lack of sitewide SSL on both companies' websites could expose visitors to man-in-the-middle (MitM) attacks.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.
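The perimeter gaps named above (sitewide SSL, HSTS, server information leakage, SPF, DMARC) can each be tested from a site's HTTP responses and DNS TXT records. The following is an added example, not UpGuard's CSTAR scoring logic: the function name, finding labels, and sample data are hypothetical, the caller is assumed to have already fetched the responses and TXT records, and DNSSEC is left out because it requires DS/DNSKEY lookups.

```python
import re

def audit_perimeter(domain, http_resp, https_headers, txt):
    """http_resp: (status, headers) of a plain http:// request;
    https_headers: headers of the https:// response;
    txt: {dns_name: [TXT strings]} resolved by the caller."""
    findings = set()
    lower = lambda h: {k.lower(): v for k, v in h.items()}

    # Sitewide SSL: plain HTTP must redirect to an https:// URL.
    status, headers = http_resp
    location = lower(headers).get("location", "").lower()
    if not (status in (301, 302, 307, 308) and location.startswith("https://")):
        findings.add("no-sitewide-ssl")

    # HSTS: header must be present over HTTPS with a non-zero max-age.
    h = lower(https_headers)
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        findings.add("no-hsts")

    # Server information leakage: version digits in Server, or any X-Powered-By.
    if re.search(r"\d", h.get("server", "")) or "x-powered-by" in h:
        findings.add("server-info-leak")

    # SPF is a TXT record on the domain itself.
    if not any(r.lower().startswith("v=spf1") for r in txt.get(domain, [])):
        findings.add("no-spf")

    # DMARC is a TXT record at _dmarc.<domain>; p=none monitors but does not enforce.
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.add("no-dmarc")
    elif re.search(r"\bp\s*=\s*none\b", dmarc[0], re.I):
        findings.add("dmarc-not-enforced")
    return sorted(findings)

# Constructed sample data (not measurements of any real site).
WEAK = audit_perimeter(
    "example.test", (200, {"Content-Type": "text/html"}),
    {"Server": "Apache/2.4.41 (Ubuntu)"},
    {"example.test": ["google-site-verification=abc"]})
HARDENED = audit_perimeter(
    "example.test", (301, {"Location": "https://example.test/"}),
    {"Server": "nginx", "Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    {"example.test": ["v=spf1 -all"], "_dmarc.example.test": ["v=DMARC1; p=reject"]})
```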