Which Fast Food Chain is Next in Line to Get Hacked?
Updated on April 19, 2018
Arby's announced last week that its recently disclosed data breach may impact 355,000 credit card holders who dined at its restaurants between October 2016 and January 2017. Are fast food vendors resilient enough to sustain future cyber attacks and, more importantly, protect consumers against online threats?
Like recent data breaches involving Wendy's and Subway, the Arby's cyber attackers employed point-of-sale (POS) malware to carry out the compromise. Hundreds of thousands of credit/debit cards may have been stolen from the company's cash registers and POS systems. Malware is one thing, but how does Arby's perform in terms of cyber resilience and website perimeter security? In a word, poorly.
Security flaws such as lack of sitewide SSL, missing HTTP Strict Transport Security (HSTS), cookies set without the HttpOnly and Secure flags, and lack of DMARC/DNSSEC could leave its website at the mercy of cyber attackers.
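The perimeter checks named above can be automated against a site's responses and DNS records. The following is an added example, not code from the original article or from any scanner it describes: it audits constructed sample headers and TXT records for HSTS, cookie flags, HTTPS redirection and DMARC (DNSSEC validation needs a live resolver and is left out), and treating `p=none` as unenforced goes slightly beyond the "lack of DMARC" case in the text. All function names and finding labels are hypothetical.

```python
from http.cookies import SimpleCookie

def audit_https_response(headers):
    """Check HSTS and cookie flags on (name, value) headers from an HTTPS response."""
    findings, max_age = [], 0
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    for directive in (hsts[0].split(";") if hsts else []):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            max_age = int(val.strip('"'))
    if max_age <= 0:  # header absent, or max-age=0 which disables HSTS
        findings.append("hsts-missing")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(v)
        for name, morsel in jar.items():
            if not morsel["secure"]:    # cookie may travel over plain HTTP
                findings.append(f"cookie-not-secure:{name}")
            if not morsel["httponly"]:  # cookie readable from page scripts
                findings.append(f"cookie-not-httponly:{name}")
    return findings

def audit_http_redirect(status, headers):
    """Sitewide TLS: a plain-HTTP request should be redirected to an https:// URL."""
    location = next((v for n, v in headers if n.lower() == "location"), "")
    ok = status in (301, 302, 307, 308) and location.lower().startswith("https://")
    return [] if ok else ["no-https-redirect"]

def audit_dmarc(txt_records):
    """txt_records: TXT strings published at _dmarc.<domain>."""
    for rec in txt_records:
        parts = (t.partition("=") for t in rec.split(";"))
        tags = {k.strip().lower(): v.strip() for k, _, v in parts if v}
        if tags.get("v") == "DMARC1":
            enforced = tags.get("p", "").lower() in ("quarantine", "reject")
            return [] if enforced else ["dmarc-not-enforced"]
    return ["dmarc-missing"]

# Constructed sample data (not captured from any real site).
WEAK = [("Content-Type", "text/html"), ("Set-Cookie", "session=abc123; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    print("weak:", audit_https_response(WEAK) + audit_http_redirect(200, WEAK)
          + audit_dmarc([]))
    print("hardened:", audit_https_response(HARDENED)
          + audit_http_redirect(301, [("Location", "https://example.test/")])
          + audit_dmarc(["v=DMARC1; p=reject"]))
```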
Want to find out how other fast food vendors measure up in terms of cyber resilience? Check out our recent CSTAR coverage of the industry's leading fast food brands.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.