Five Security Lessons for Consumer Goods Companies

By their nature, large, global corporations are operating across many geographies and frequently acquiring and selling companies. This limits the ability to generate a proper security situation overview, especially for the company’s IT personnel themselves.

The sheer size of infrastructure comprising the cyberattack surface of these companies makes simple IT processes such as patching, upgrading, fixing and replacing vulnerable systems far more complex. Simply the way business is conducted means most organizations are connected with myriad third parties, inheriting security issues from those connections. Finally, even huge corporations face similar issues as smaller organizations: limited resources and knowledge about cyber and information security, with gaps in the IT teams charged with handling, respond-to and acting proactively to improve their security postures.

The least vulnerable companies have used specific strategies to ensure they remain protected. They have developed policies and procedures to ensure they avoid exposing a large attack surface. They have reduced administrative access to their external infrastructure and focused on securing maintaining their perimeter systems.

Cyber and information security needs to focus on intelligence and operational ability, with the actual technology tools a clear third. For companies who would like to achieve a greater level of protection, a specific focus on these five areas can address major problems without an enormous budget outlay.

·         Perform penetration testing on all external facing systems

·         Conduct red team exercises to identify weak links

·         Boost threat intelligence capabilities

·         Improve incident response and forensics capabilities

·         Educate employees on cybersecurity - before a breach occurs

In consumer goods, Kraft Heinz and Archer Daniels Midland of Chicago and Danone of Paris are doing the best job protecting their infrastructure, as they were found to be the top three least exposed to cyber threat companies by Peta AI, acybersecurity research project showcasing how large, global organizations appear to external attackers.

Danone has no compromised hosts, 75 vulnerable apps, and 623 leaked accounts in its security profile. ADM ranks higher, also with no compromised hosts, 447 leaked accounts, and 11 sensitive ports in its security profile. Kraft Heinz is less exposed in these areas: no compromised hosts, three sensitive ports, and 91 open ports.

The Peta AI team analyzed the Global 2,000, examining each enterprise’s cyberattack surface to determine how prospective attackers could infiltrate it, what information they can find, and where they would find it, such as within social media or the darknet. The result is a list of companies and sectors most vulnerable to cyber attacks and those that are less exposed. The cyber exposure reports detail exposure by geographical location and level from various sources such as compromised hosts, leaked accounts, exposed open ports, and vulnerable applications. Combining threat intelligence capabilities with a top-tier research team, Peta AI pinpoints companies with a considerable amount of data exposed about them, with a 70-to-80 percent accuracy rate.

Boaz Shunami is co-founder and CEO of Komodo Consulting, whole owner of the PETA.AI system, with two decades of experience in information technology and engineering, specializing in cyber, information and application security. Shunami has consulted for many global corporations and is able to address high-level strategy, as well as low-level technical analysis. If your company would like a free customized cyberattack surface report, click here to request one.