No Exit: How to Keep Data from Escaping via POS Systems

Retailers all over the world lose sleep over data breaches—and CSOs and IT security managers work hard to make sure that cyber thieves stay out of their endpoints and networks. They are layering on more anti-malware solutions, tighter defenses at email and web gateways, stronger next-generation firewalls, and more efficient intrusion prevention systems. But with all the concern over malware infiltration, they often overlook data loss prevention (DLP)—in other words, preventing the exfiltration of sensitive or confidential data and intellectual property (IP).

The 2014 Verizon Data Breach Investigations Report offers some important insights into emerging patterns of data breaches. According to Verizon, POS intrusions accounted for 14% of breaches in 2013—not an insignificant number by any means.

POS-initiated breaches can occur at places people frequent every day: hotels, gas stations, restaurants, grocery stores, and retail stores at the mall. It’s a problem that plagues major retailers and small and mid-sized businesses alike. In the case of the highly publicized Target POS breach, cyberfraudsters planted POS malware and intercepted about 110,000,000 records worth of payments, transactions, and other personally identifiable information. McAfee Labs did some investigation and determined that the malware used in this breach was probably similar to off-the-shelf malware like “BlackPOS.” This type of malicious code consists of scripts that upload the victim’s data to an FTP server.

So how do you keep cyberfraudsters from expropriating data in this manner? McAfee Network Data Loss Prevention (DLP) is one way to protect data. It automatically scans network traffic across ports, protocols (including FTP), and content types and enforces policies for 300 different content types, so you can protect all your data—known and unknown.

The report also indicates that no matter how large the victim organization is, breaches are often discovered because someone else tells them about it—and that could take weeks. No one wants to be placed in this embarrassing position, which could result in brand damage and loss of customer confidence. McAfee Data Loss Prevention can provide help on this front by monitoring traffic to see if any suspicious files have been sent out. Even if a policy violation is not triggered, McAfee Data Loss Prevention is proactive in that it can capture a copy of the data for later analysis. This way, there won’t be any surprises—you’ll be the first to know should a breach occur.

McAfee highly recommends a data risk assessment to determine your level of risk and what type of protection is best for POS systems. A quick and effective way to do that is by installing the McAfee Data Loss Prevention Monitor appliance powered by McAfee Capture technology. You’ll be able to find out exactly where PCI and other sensitive data lives (and don’t be surprised if you find it in the most unexpected places). You’ll also have the tools to create an inventory of storage locations, so that you can identify areas where defenses are weak. You’ll get a comprehensive picture of how data flows throughout your organization, and you’ll be able to make sure data stays where it belongs. If you’re a retailer or small business that relies on POS, McAfee Data Loss Prevention may very well become your new best friend.

Leave a Comment

sixteen − 5 =