Your Point-of-sale Should be a Point-of-security
CIOReview

Charles Henderson, VP-Managed Security Testing, Trustwave

Most PoS environments are optimized for ease of administration rather than security. Since network segmentation is often either inadequate or altogether non-existent, a breach can involve hundreds or even thousands of devices. Once an attacker knocks one PoS down, the rest fall like a line of clattering dominos.

Part of the problem is that modern PoS systems seem to be mysterious magic boxes to many IT departments, who may prefer a hands-off approach rather than risk production instability. Many merchants even delegate PoS management entirely to a specialty vendor who typically has little experience in security and suffers far less brand destruction after a breach. As a result, defensive controls widely used in other systems are rarely deployed on what may be the highest-profile systems in the organization.

PoS systems shouldn’t be scary. In reality, they are usually just glorified PCs with specialized peripherals. While it’s true that criminals have developed specialized attack tools and techniques, the underlying flaws being exploited can usually be addressed with conventional strategies.

Vulnerabilities commonly found in PoS deployments range from complex logic flaws to astoundingly simple but devastating shortcomings. On the simple end of the spectrum, default passwords, simple administrative passwords, and faulty remote access methods are common issues. These flaws are not difficult to find and are even easier for an attacker to exploit.

Recently, our Trustwave security researchers found yet another new strain of PoS malware, which they named Punkey. Indeed, finding new variants of PoS malware is now a regular occurrence. Each time a researcher comes forth with a new discovery, retailers scurry to look for evidence of the latest, greatest malware. In the event that a retailer finds evidence of the malware, it is obviously too late.

Common sense dictates that a proactive approach would be beneficial. Rather than solely focusing on looking for evidence after the fact, the retail industry would be better served by proactively testing PoS deployments, segmenting networks, and enlisting proactive antimalware protection. Security awareness training for employees could also be a useful tool.

While searching for traces of a crime that may have already been committed is a necessary due diligence action, there is so much more retailers can do to help stop the crime before it is too late.
