How consumer sector companies tackling cybersecurity challenges

Belgian beer brewers Anheuser-Busch InBev SA have been at the forefront of the beverages market in developing cybersecurity tools. Following a rise in cyberattacks seen across the industry, AB InBev opened a cybersecurity unit at its base in Israel to analyze threats and potential attacks on the company. Increased digitalization of operations was cited alongside rising industry attacks as the need for the hub.   

In 2020 it developed an AI-powered technology called ‘BrewRight’ to detect corruption and fraudulent activities within its organization and among its business partners. The platform runs with the support of Microsoft Azure cloud and a Salesforce interface. This analytics platform enables swift tracking and identification of compliance risks associated with expansive supply chain networks.  

In March 2023, Anheuser-Busch InBev SA implemented a new digital tool, dubbed Lighthouse, aimed at assisting top-level executives in comprehending the multitude of cybersecurity and privacy risks confronting the company globally. This platform facilitates collaboration between AB InBev’s technology and legal departments to effectively address cybersecurity threats and privacy concerns that may have previously gone unnoticed.  

Recognizing that top executives often possess access to and responsibility for critical private data, AB InBev prioritized ensuring their thorough awareness of potential risks. Moreover, the dashboard serves as a mechanism for analysts to translate technical subjects into easily understandable insights for executives and board members.  

As well as developing its own tools, AB InBev also has partnerships with cybersecurity firms like Orange Business to offer connectivity services and support further developments AB InBev is making in the cybersecurity tools.   

In March 2024, a data breach affecting an Arby’s franchise run by DRM resulted in the personal information of many employees being accessed. The impact on the business has been profound.  

Arby’s is a US-based foodservice franchise that sells various fast food products. It is owned by the multi-brand restaurant company Inspire Brands, which owns other restaurant franchises including Baskin-Robbins, Dunkin, and Buffalo Wild Wings. Arby’s has over 3,500 branches and employs more than 22,000 people, and DRM runs 121 Arby’s franchises across the US.  

The Cactus Ransomware group targeted DRM Arby’s on March 12, 2024, with current and former employees’ names, social security numbers, driver’s license numbers, passport numbers, and health data being accessed without authorization. Despite the severity of this data breach, DRM took more than a month to alert affected individuals.   

As a result of this breach, the DRM Arby’s franchise is facing a proposed class action lawsuit. This lawsuit claims that DRM failed to properly train its staff and set up the proper cybersecurity systems and that the attack by Cactus Ransomware was “foreseeable”. It also alleges that DRM’s delay in notifying employees whose data had been accessed increased their vulnerability to identity fraud.   

This data breach and the company’s response have seriously impacted DRM Arby’s reputation, and the proposed class action lawsuit could result in serious financial damage. DRM Arby’s has not yet publicly responded to the data breach with any new cybersecurity announcements. 

Avery Dennison has faced significant challenges in maintaining email security, with over 36,000 employees operating in more than 50 countries. Its security team needs to prevent advanced attacks and minimize mail flow interruptions to protect intellectual property and ensure uninterrupted production. However, Google Workspace’s built-in security struggled to detect phishing messages from compromised vendor accounts, making investigation and remediation time-consuming for the small security team.  

Jeremy Smith, VP and Information Security Officer, said “Our vendors were being compromised and sending us phishing messages. Overall, Google does a decent job of hygiene, but they didn’t have much context about past messages to detect these external threats.”  

In September 2023, Avery Dennison turned to Abnormal for an automated, API-based email security solution. It cited a quick setup and efficient performance during the proof of value phase as some of the key reasons for the collaboration.  

The company used Abnormal’s system to analyze past email logs and quickly identify compromised vendors by integrating Abnormal with Google Workspace. Furthermore, Abnormal’s automation capabilities significantly reduced the manual work required for investigations and remediation. The platform included an integrated phishing reporting button in Gmail inboxes, streamlining the process of blocking and managing malicious emails.  

Implementing Abnormal’s automated security solution strengthened Avery Dennison’s vendor relationships. In addition, its security team regained 40 hours per week, which they redirected towards strategic projects like improving security information and event management (SIEM) tuning and detection capabilities. This contributed towards Avery Dennison improving its overall risk posture, allowing it to focus on more critical areas of its security infrastructure.