April 20th, 2015 by Elma Jane

With each year comes a new set of security risks businesses need to be aware of. The threats that have seen the most growth over the last year include point-of sale (POS) malware, malware traffic within secure and encrypted HTTPS websites and attacks on computer systems designed to control remote equipment.

Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed. Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones.

The large number of highly publicized POS breaches last year has heighted the need to make sure that businesses that use these devices are properly protecting them.

Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise. To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as reexamine their data policies with partners and suppliers.

For many years, businesses thought using a secure HTTPS Web connection protected them from a security breach. That no longer appears to be the case. While the increased number of businesses moving to a more secure Web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code. Since the malware transmitted over HTTPS is encrypted, traditional firewalls fail to detect it.

Just as encryption can protect sensitive financial or personal information on the Web, it unfortunately can also be used by hackers to protect malware. One way organizations mitigate this risk is through SSL-based Web-browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity.

Several identified trends and predictions for the coming year, including the following:

Android will remain a main target for hackers. More sophisticated techniques will be developed to hinder Android malware researchers and users by making the malware hard to identify and research.

As wearable technology becomes more prevalent, expect to see malware start to target these devices.

Digital currencies, including Bitcoin, will continue to be targeted.

More organizations will enforce security policies that include two-factor authentication, which will likely increase the number of attacks on these technologies.

 

Posted in Best Practices for Merchants, Credit Card Security, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale Tagged with: , , , , , , ,