
Your Point-of-sale Should be a Point-of-security


Charles Henderson, VP-Managed Security Testing, Trustwave
Most PoS environments are optimized for ease of administration rather than security. Since network segmentation is often either inadequate or altogether non-existent, a breach can involve hundreds or even thousands of devices. Once an attacker knocks one PoS down, the rest fall like a line of clattering dominos.
"Many merchants even delegate PoS management entirely to a specialty vendor who typically has little experience in security and suffers far less brand destruction after a breach"
Part of the problem is that modern PoS systems seem to be mysterious magic boxes to many IT departments, who may prefer a hands-off approach rather than risk production instability. Many merchants even delegate PoS management entirely to a specialty vendor who typically has little experience in security and suffers far less brand destruction after a breach. As a result, defensive controls widely used in other systems are rarely deployed on what may be the highest-profile systems in the organization.
PoS systems shouldn’t be scary. In reality, they are usually just glorified PCs with specialized peripherals. While it’s true that criminals have developed specialized attack tools and techniques, the underlying flaws being exploited can usually be addressed with conventional strategies.
Vulnerabilities commonly found in PoS deployments range from the complex logic flaws to astoundingly simple but devastating shortcomings. On the simple end of the spectrum, default passwords, simple administrative passwords, and faulty remote access methods are common issues. These flaws are not difficult to find and even easier for an attacker to exploit.
Recently, our Trustwave security researchers found yet another new strain of PoS malware, which they named Punkey. Indeed, finding new variants of PoS malware is now a regular occurrence. Each time a researcher comes forth with a new discovery, retailers scurry to look for evidence of the latest, greatest malware. In the event that a retailer finds evidence of the malware, it is obviously too late.
Common sense dictates that a proactive approach would be beneficial. Rather than solely focusing on looking for evidence after the fact, the retail industry would be better served by proactively testing PoS deployments, segmenting networks, and enlisting proactive antimalware protection. Security awareness education training for employees could also be a useful tool.
While searching for traces of a crime that may have already been committed is a necessary due diligence action, there is so much more retailers can do to help stop the crime before it is too late.
See Also:
ON THE DECK
Featured Vendors
THETA432: Performance, Precision, Efficiency, Visibility - The Key to Incident Response and Answer to the Talent Shortage
EveryCloud Technologies: Delivering Powerful Email Filtering Services" title="Graham O'Reilly, CEO & Co-Founder" style="float:left; margin-right:10px; margin-bottom:20px;" width="60px" height="50px">
EveryCloud Technologies: Delivering Powerful Email Filtering Services
Onepath: A Responsive Info-Security Management Framework – the easier way to dramatically improve your overall info-security posture
Covenant Security Solutions, Inc.: Revolutionary Solutions to Mitigate Security and Compliance Risks
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
DISRUPTING IoT CONSUMER CENTRIC SOLUTIONS
METAVERSES AND IOT: EVOLUTION OR SYMBIOTIC RELATIONSHIP?
The Sustainable Side Of The Internet Of Things
Embracing Technological Advancements And Innovation Through Diverse...
The Evolution Of Commercial Office Developments Through Digital Twin
How AI can help save us from the fallout of the Great Resignation
