The retail and hospitality industry, and really anyone who accepts credit cards or has an online presence, faces a number of cyber threats. Everyone is aware of the Target, Home Depot and Yahoo breaches, and that all of these organizations received a lot of press, not all of it good.
These incidents highlighted that compliance does not necessarily mean security. The challenges for this industry derive from the fact that its environments are usually distributed, with limited bandwidth in certain geographic locations, custom requirements for POS systems, and a lack of security professionals to cover the distributed sites. In addition, there may not be a centralized system that provides an overview of the systems in general.
For this industry there are many attack vectors, including third-party connections, e-commerce, insider threats, whaling/phishing and more. In addition, the threat can increase during peak times, when IT staff are generally swamped simply trying to keep the systems up and running.
The payload can be substantial, including sensitive customer information and credit card numbers.
The threats to this industry will continue to evolve and will include DDoS attacks, APTs, and malware, as well as mobile and IoT issues.
A good place to start is always to review the compliance requirements for PCI DSS, which is very comprehensive; however, getting an overview of your current security posture, as well as detailing the flow of data, is also required.
Symtrex can assist by reviewing the current security posture, identifying potential issues, and providing guidance and recommendations. Should you wish to receive a consultation, feel free to contact us.