securing your point of sale systems: stopping malware and data theft
DESCRIPTION
Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack. During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems. •3 Critical Entry Points to POS System Attacks •Impacts to an Organization •Top 3 Security Measures to Minimize RiskTRANSCRIPT
![Page 1: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/1.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Securing Your Point of Sale Systems
Stopping Malware and Data Theft
February 20, 2014
Chris Merritt | Solution MarketingSource: http://www.wired.com/threatlevel/2014/01/target-hack/
![Page 2: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/2.jpg)
Today’s Agenda
Setting the Stage
Three Attack Vectors
Impacts on Organizations
Top Security Measures to Minimize Risk
![Page 3: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/3.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Setting the Stage
• Focus on POS Systems, but …» Need to consider other fixed function
assets which abound, such as ATMs, kiosks, self-checkout, etc.
» Need to consider the entire chain, including “back office” assets such as servers, workstations, etc.
•Focus on Retail Sector, but …» Need to consider other sectors where POS
systems and other fixed function assets are heavily used, such as the Healthcare and Financial sectors
3
![Page 4: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/4.jpg)
Three Attack Vectors
![Page 5: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/5.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Threat Environment
5
Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013)
![Page 6: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/6.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Threat Environment
6
Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013)
![Page 7: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/7.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Targeted Assets
7
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
![Page 8: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/8.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Targeted Assets
8
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
![Page 9: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/9.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Targeted Assets
9
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
![Page 10: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/10.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Targeted Assets
10
Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)
![Page 11: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/11.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Breach Timeline
11
![Page 12: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/12.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Security Alerts
12
![Page 13: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/13.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Security Alerts
13
![Page 14: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/14.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Security Alerts
14
![Page 15: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/15.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Three Attack Vectors
15
Physical Attack» Examples: Tampering, Beacons
» Impacts Front Line Assets
Network Attack» Examples: Hacking, Malware
» Impacts Front Line and Back Office Assets
Supply Chain Attack» Examples: Hacking, Malware
» Impacts Back Office Assets
![Page 16: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/16.jpg)
Impacts on Organizations
![Page 17: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/17.jpg)
US Breach Data (2005 – 2013)
17PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
1717
X-axis = Year Y-axis = Breach Count Bubble size = Breach Size
![Page 18: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/18.jpg)
Breaches by Organization Type (2005 – 2013)
18PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
1818
![Page 19: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/19.jpg)
Records by Organization Type (2005 – 2013)
19PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
1919
![Page 20: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/20.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Data Breach Costs
20
![Page 21: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/21.jpg)
Security Measures
![Page 22: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/22.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Defense-in-Depth
22
• Multiple layers of Security Controls» Redundancy in case
Failure or Exploitation
» Covers People, Process and Technical Controls
» Seeks to delay attack
• Endpoint security threats too complex» Need multiple technologies
/ processes
• Successful risk mitigation » Starts with solid Vulnerability
Management
» Add other Layered Defenses, beyond traditional Blacklist approach
» Consider both Network and Physical Vectors
© Creative Commons / Fidelia Nimmons
![Page 23: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/23.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Practical Defense-in-Depth
23
![Page 24: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/24.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Practical Defense-in-Depth
24
![Page 25: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/25.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Practical Defense-in-Depth
25
Whitelisting
![Page 26: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/26.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Breach Timeline (IS)
26
![Page 27: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/27.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Breach Timeline (Ideal)
27
![Page 28: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/28.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Additional Information
28
Free Security Scanner Tools» Application Scanner – discover all the apps
being used in your network» Device Scanner – discover all the devices
being used in your network
https://www.lumension.com/resources/premium-security-tools.aspx
Reports» Targeted Threat Protection for POS Systems
https://www.lumension.com/Media_Files/Documents/Marketing---Sales/Datasheets/Lumension-Endpoint-Security---Point-of-Sale.aspx
» Tolly Reports on Application Control vs. Antivirus Performance at http://www.tolly.com/Server: ~/DocDetail.aspx?DocNumber=213121 Client: ~/DocDetail.aspx?DocNumber=213126
Free Trial (virtual or download)http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
![Page 29: Securing Your Point of Sale Systems: Stopping Malware and Data Theft](https://reader033.vdocuments.site/reader033/viewer/2022052822/554f92ecb4c905d25b8b52dd/html5/thumbnails/29.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Global Headquarters8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828