The year 2013 brought us the year of the breach. Target, JPMorgan Chase, Home Depot, Neiman Marcus, and others shared the spotlight for not only being breached but for spending millions (and in a few cases billions) of dollars on not only repercussions from a breach, but also on risk management and compliance regulations.
In 2015, it was reported JP Morgan Chase & Co. would spend $500 million on cybersecurity by 2016, and that same year it was reported Target had paid $252 million to manage the previous breach.
Now in 2017, with cybersecurity in the mind of businesses and consumers(and much of the world), and the accelerated growth of the cybersecurity market, global spending is predicted to exceed $1 trillion.
Is POS still important to talk about?
The importance of keeping a POS system secure may be at the awareness level, meaning the majority of businesses are aware of the challenge and aware of the need to bolster or increase IT spending. As the word cybersecurity itself was used with increased regularity in 2016, the question remains: was the crucial need to implement secure POS management given the same kind of attention?
An EY 2016 survey shows an increase in spending on cybersecurity from 2013-2016. According to the survey, 76% of responders were spending less than $2m in total in 2013. Today only 64% are spending less than $2m. In the most recent breach level index, it was reported that the number of breaches occurring due to malicious outsiders nearly doubled since 2013.
Why is POS continually targeted?
The short answer to why POS systems are a continual target:
Because it is easy.
Though it may appear to be cliché, the comment of “it is not a matter of if a breach will occur, but when,” is the hard truth.
Last year Russ Banham referenced the EY survey of IT leaders and infosec managers, noting only 1 in 5 leaders/managers fully consider infosec in their strategy and planning.
Banham’s comment on the complacency, “Makes little sense given the sharp uptick in hacking methods”, seems more than on target.
EMV to the Rescue?
Some estimates show up 70 percent of U.S. consumers are using cards with smart chips, though retailers are behind the push with less than half of all retailers using smart chip technology. But are the smart chips going to stop all fraud? Digging into this thought process a little deeper does expose a few additional questions. Why would organizations choose to stay behind with security instead of staying ahead?
And more importantly, if organizations are aware of the risk, why would they choose to ignore the need?
Change the Mindset, Change the Mind
The daily checklist of a typical IT manager, director, engineer, or in other words; The Lone Ranger, remains the same. The server is down, the website is being redesigned, we need to be PCI-compliant, we need new computers, and by the way, can you increase security for the organization without increasing the budget?
There have been many reasons attributed to the lack of spending in some industries, including shortage of personnel, monetary reduction, and overall lack of security awareness.
Simply put and though often thought of as boring, safe and secure infrastructure is required. Or, perhaps the thought of PCI compliance to ensure a secure POS system is not worth it since it technically sits in the room without an ROI.
Until the moment a breach is stopped.
And as EY reminds us, despite careless employees, phishing and malware being such major and known threats, only 24% have an incident response plan that would help them recover from malware and employee misbehavior.
Going above Requirements
File integrity monitoring of point of sale (POS) systems is a requirement of the payment card industry data security standards and is a best practice for ensuring that changes to these systems do not allow a breach of credit card and other customer data.
POS systems require file integrity monitoring due to being directly involved with the processing of credit cards. Changes to the OS and applications on POS systems can cause system downtime and worse, a breach of credit card data. Learn how CimTrak file integrity monitoring allows changes to be detected and alerted on instantly, allowing investigation before a problem occurs.
April 18, 2017