Pepsi’s post-breach response is commendable but not always viable


Pepsi’s post-breach response serves as an example for all enterprises: it swiftly reported the malware incident to law enforcement, strengthened its security with mandatory password changes, and offered a year’s worth of free identity monitoring services from risk and financial advisory company Kroll.

But for the majority of organisations, particularly SMBs, offering access to identity monitoring services to compensate for the inconvenience just isn’t financially viable.

As with all cyberattacks, it really doesn’t matter how the bad actors found their way in, whether through weak passwords or otherwise. If they want to find a way in, they will! What really matters is what data they were able to leave with.

Organisations can take note of the commendable response to the incident, but prevention still trumps cure, and it certainly would have caused those affected by the breach a lot less hassle and worry.

Extortion is the main focus for cybercriminal gangs, and organisations should look to newer technologies like anti data exfiltration to stop them in their tracks and prevent any unauthorised data from being exfiltrated.