Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Securing Your Point of Sale Systems: Stopping Malware and Data Theft

383
views

Published on

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector …

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.

During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.

•3 Critical Entry Points to POS System Attacks
•Impacts to an Organization
•Top 3 Security Measures to Minimize Risk

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
383
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Securing Your Point of Sale Systems Stopping Malware and Data Theft Chris Merritt | Solution Marketing Source: http://www.wired.com/threatlevel/2014/01/target-hack/ February 20, 2014 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 2. Today’s Agenda Setting the Stage Three Attack Vectors Impacts on Organizations Top Security Measures to Minimize Risk
  • 3. Setting the Stage • Focus on POS Systems, but … » Need to consider other fixed function assets which abound, such as ATMs, kiosks, self-checkout, etc. » Need to consider the entire chain, including “back office” assets such as servers, workstations, etc. • Focus on Retail Sector, but … » Need to consider other sectors where POS systems and other fixed function assets are heavily used, such as the Healthcare and Financial sectors 3 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 4. Three Attack Vectors
  • 5. Threat Environment Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013) 5 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 6. Threat Environment Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013) 6 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 7. Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 7 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 8. Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 8 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 9. Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 9 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 10. Targeted Assets Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013) 10 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 11. Breach Timeline 11 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 12. Security Alerts 12 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 13. Security Alerts 13 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 14. Security Alerts 14 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 15. Three Attack Vectors Physical Attack » Examples: Tampering, Beacons » Impacts Front Line Assets Network Attack » Examples: Hacking, Malware » Impacts Front Line and Back Office Assets Supply Chain Attack » Examples: Hacking, Malware » Impacts Back Office Assets 15 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 16. Impacts on Organizations
  • 17. US Breach Data (2005 – 2013) X-axis = Year Y-axis = Breach Count 17 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION Bubble size = Breach Size
  • 18. Breaches by Organization Type (2005 – 2013) 18 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 19. Records by Organization Type (2005 – 2013) 19 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 20. Data Breach Costs 20 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 21. Security Measures
  • 22. Defense-in-Depth • Multiple layers of Security Controls » Redundancy in case Failure or Exploitation » Covers People, Process and Technical Controls » Seeks to delay attack • Endpoint security threats too complex » Need multiple technologies / processes • Successful risk mitigation © Creative Commons / Fidelia Nimmons » Starts with solid Vulnerability Management » Add other Layered Defenses, beyond traditional Blacklist approach » Consider both Network and Physical Vectors 22 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 23. Practical Defense-in-Depth 23 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 24. Practical Defense-in-Depth 24 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 25. Practical Defense-in-Depth Whitelisting 25 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 26. Breach Timeline (IS) 26 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 27. Breach Timeline (Ideal) 27 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 28. Additional Information Free Security Scanner Tools » Application Scanner – discover all the apps being used in your network » Device Scanner – discover all the devices being used in your network https://www.lumension.com/resources/ premium-security-tools.aspx Free Trial (virtual or download) http://www.lumension.com/endpoint-managementsecurity-suite/free-trial.aspx Reports » Targeted Threat Protection for POS Systems https://www.lumension.com/Media_Files/ Documents/Marketing---Sales/Datasheets/ Lumension-Endpoint-Security---Point-ofSale.aspx » Tolly Reports on Application Control vs. Antivirus Performance at http://www.tolly.com/ Server: ~/DocDetail.aspx?DocNumber=213121 Client: ~/DocDetail.aspx?DocNumber=213126 28 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
  • 29. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION