In our previous piece on the 2014 Verizon Data Breach Investigations Report, we explored the Executive Summary to give an overview of the process and the findings it included from incidents in 2013. This entry focuses on point-of-sale (POS) systems and the information about them in the report.
Point-of-Sale Under Attack
The report details how the majority of attacks are perpetrated by entities outside of an organization, which means that employees and partners must beware of threats from outside their enterprises. Organized criminal gangs are ever-vigilant for opportunities to exploit intrusion vectors that have been left unsecured or have low levels of protection.
Motivated by financial gain, these cybercriminals are constantly looking for POS system vulnerabilities. Banking data and payment systems are hot targets due to criminals’ ability to rapidly monetize data. It is worth noting that in 2013, 14% of the breaches that were reported were POS intrusions. The report also notes that many of these breaches had occurred weeks before they were finally discovered.
POS systems in the hospitality, accommodation, and retail industries are particularly attractive, which is not surprising given the abundance of payment cards handled in those sectors. It is critical that businesses are compliant with PCI-DSS, but they must also go beyond those requirements to truly secure their IT environment. Companies are still learning the hard way that simple compliance is not enough.
Conclusion
Luckily, there are steps that can be taken to improve the cybersecurity posture of your organization, such as:
- Restrict remote access
- Enforce policies regarding strong passwords
- Use two-factor authentication
The 2014 Verizon Data Breach Investigations Report is very comprehensive and covers a wide variety of other topical issues. It is certainly worthwhile reading for anyone concerned with understanding current issues in IT security.
Tags: Cybersecurity
June 5, 2014