Securing Your Point of Sale Systems: **Stopping Malware and Data Theft

100 %
0 %
Information about Securing Your Point of Sale Systems: **Stopping Malware and Data Theft
Technology

Published on March 3, 2014

Author: LumensionSecurity

Source: slideshare.net

Description

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.

During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.

•3 Critical Entry Points to POS System Attacks
•Impacts to an Organization
•Top 3 Security Measures to Minimize Risk

Securing Your Point of Sale Systems Stopping Malware and Data Theft Chris Merritt | Solution Marketing Source: http://www.wired.com/threatlevel/2014/01/target-hack/ February 20, 2014 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Today’s Agenda Setting the Stage Three Attack Vectors Impacts on Organizations Top Security Measures to Minimize Risk

Setting the Stage • Focus on POS Systems, but … » Need to consider other fixed function assets which abound, such as ATMs, kiosks, self-checkout, etc. » Need to consider the entire chain, including “back office” assets such as servers, workstations, etc. • Focus on Retail Sector, but … » Need to consider other sectors where POS systems and other fixed function assets are heavily used, such as the Healthcare and Financial sectors 3 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Three Attack Vectors

Threat Environment Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013) 5 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Threat Environment Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013) 6 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 7 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 8 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 9 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 10 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Breach Timeline 11 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Alerts 12 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Alerts 13 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Alerts 14 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Three Attack Vectors Physical Attack » Examples: Tampering, Beacons » Impacts Front Line Assets Network Attack » Examples: Hacking, Malware » Impacts Front Line and Back Office Assets Supply Chain Attack » Examples: Hacking, Malware » Impacts Back Office Assets 15 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Impacts on Organizations

US Breach Data (2005 – 2013) X-axis = Year Y-axis = Breach Count 17 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION Bubble size = Breach Size

Breaches by Organization Type (2005 – 2013) 18 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Records by Organization Type (2005 – 2013) 19 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Data Breach Costs 20 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Measures

Defense-in-Depth • Multiple layers of Security Controls » Redundancy in case Failure or Exploitation » Covers People, Process and Technical Controls » Seeks to delay attack • Endpoint security threats too complex » Need multiple technologies / processes • Successful risk mitigation © Creative Commons / Fidelia Nimmons » Starts with solid Vulnerability Management » Add other Layered Defenses, beyond traditional Blacklist approach » Consider both Network and Physical Vectors 22 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Practical Defense-in-Depth 23 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Practical Defense-in-Depth 24 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Practical Defense-in-Depth Whitelisting 25 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Breach Timeline (IS) 26 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Breach Timeline (Ideal) 27 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Additional Information Free Security Scanner Tools » Application Scanner – discover all the apps being used in your network » Device Scanner – discover all the devices being used in your network https://www.lumension.com/resources/ premium-security-tools.aspx Free Trial (virtual or download) http://www.lumension.com/endpoint-managementsecurity-suite/free-trial.aspx Reports » Targeted Threat Protection for POS Systems https://www.lumension.com/Media_Files/ Documents/Marketing---Sales/Datasheets/ Lumension-Endpoint-Security---Point-ofSale.aspx » Tolly Reports on Application Control vs. Antivirus Performance at http://www.tolly.com/ Server: ~/DocDetail.aspx?DocNumber=213121 Client: ~/DocDetail.aspx?DocNumber=213126 28 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Add a comment

Related presentations

Related pages

Secure Your Point-of-Sale System | Symantec

Secure Your Point-of-Sale System News headlines have been ... Point of Sale Malware. ... Securing your credit card data and PoS environment from ...
Read more

Point-of-Sale System Breaches - Antivirus Software ...

... we recommend the following controls in your data ... Point-of-Sale System ... attacks, malware attacks, point-of-sale malware, ...
Read more

Malware Targeting Point of Sale Systems | US-CERT

... cyber criminals deliver malware which acquires card data as it ... Malware Targeting Point of Sale Systems ... identity theft include ...
Read more

A First Look at the Target Intrusion, Malware — Krebs on ...

... for a point-of-sale malware ... of identity theft. With every major CC breach you ... malware or encrypted data, that you ...
Read more

Data Theft | LinkedIn

View 2539 Data Theft posts, presentations, experts, and more. Get the professional knowledge you need on LinkedIn.
Read more

The POS Malware Epidemic: The Most Dangerous ...

... The Most Dangerous Vulnerabilities and Malware. ... type of card data theft come from a ... POS), Point-of-Sale (POS) Systems, POS Malware ...
Read more

Backoff Point-of-Sale Malware | US-CERT

“Backoff” is a family of PoS malware and has been discovered recently. The malware family has been witnessed on at least three separate forensic ...
Read more

Securing Your Computer to Maintain Your Privacy | Privacy ...

Securing Your Computer to Maintain ... securing your computer ... How California Businesses Can Protect Against and Respond to Malware, Data ...
Read more

Retail | Intel Security Solutions

Security and compliance for retail systems Mitigate unwanted and malicious programs. Prevent the installation and propagation of internal and external ...
Read more