This post was originally published here by .
Arby’s announced last week that its recently disclosed data breach may impact 355,000 credit card holders that dined at its restaurants between October 2016 and JanuaryĀ 2017. Are fast food vendors resilient enough to sustain future cyber attacks andāmore importantlyāprotect consumers against online threats?
Like recent data breaches involvingĀ Wendy’s and Subway, the Arby’s cyber attackers employedĀ point-of-sale (POS) malwareĀ to carry out the compromise. Hundreds of thousands of credit/debit cards may have been stolen from the company’s cash registers and POS systems. Malware is one thing, but how does Arby’s performĀ in terms of cyber resilience and website perimeter security? In a word,Ā poorly.
Security flaws such as lack of sitewide SSL, missing HTTP strict transport security, disabled HttpOnly Cookies/secure cookies, and lack of DMARC/DNSSEC could leave its website at the mercy of cyber attackers.
Want to find out how other fast food vendors measure up in terms of cyber resilience? Check out ourĀ recent CSTAR coverageĀ of the industry’s leading fast food brands.
Ā
