Point of Sale (POS) systems have long been the target of financially motivated crime. In 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed at POS systems. With sensitive financial and personal records being exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.
During this webcast, we will walk you through the three critical entry points for POS system attacks. We’ll discuss what the attacks look like, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.
• 3 Critical Entry Points to POS System Attacks
• Impacts to an Organization
• Top 3 Security Measures to Minimize Risk
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
1. Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Chris Merritt | Solution Marketing
Source: http://www.wired.com/threatlevel/2014/01/target-hack/
February 20, 2014
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
2. Today’s Agenda
Setting the Stage
Three Attack Vectors
Impacts on Organizations
Top Security Measures to Minimize Risk
3. Setting the Stage
• Focus on POS Systems, but …
» Need to consider other fixed function assets which abound, such as ATMs, kiosks, self-checkout, etc.
» Need to consider the entire chain, including “back office” assets such as servers, workstations, etc.
• Focus on Retail Sector, but …
» Need to consider other sectors where POS systems and other fixed function assets are heavily used, such as the Healthcare and Financial sectors
5. Threat Environment
Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013)
6. Threat Environment
Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013)
7. Targeted Assets
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
8. Targeted Assets
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
9. Targeted Assets
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
10. Targeted Assets
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
15. Three Attack Vectors
Physical Attack
» Examples: Tampering, Beacons
» Impacts Front Line Assets
Network Attack
» Examples: Hacking, Malware
» Impacts Front Line and Back Office Assets
Supply Chain Attack
» Examples: Hacking, Malware
» Impacts Back Office Assets
17. US Breach Data (2005 – 2013)
X-axis = Year
Y-axis = Breach Count
Bubble size = Breach Size
18. Breaches by Organization Type (2005 – 2013)
19. Records by Organization Type (2005 – 2013)
28. Additional Information
Free Security Scanner Tools
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
https://www.lumension.com/resources/premium-security-tools.aspx
Free Trial (virtual or download)
http://www.lumension.com/endpoint-managementsecurity-suite/free-trial.aspx
Reports
» Targeted Threat Protection for POS Systems
https://www.lumension.com/Media_Files/Documents/Marketing---Sales/Datasheets/Lumension-Endpoint-Security---Point-ofSale.aspx
» Tolly Reports on Application Control vs. Antivirus Performance at http://www.tolly.com/
Server: ~/DocDetail.aspx?DocNumber=213121
Client: ~/DocDetail.aspx?DocNumber=213126
29. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com