As more companies in the Philippines, particularly those in the retail sector, embrace digital transformation, retail firms should have a cybersecurity plan in place as they make the online transition. When it comes to security, it is crucial to acknowledge that all POS systems pose some level of risk. Many attackers are simply looking for targets by exploiting vulnerable systems and launching automated attacks on their POS environments.
The Covid-19 pandemic has increased pressure on global and local businesses to “transform” in order to remain competitive. However, according to a cybersecurity firm, this transformation should be accompanied by a solid cybersecurity strategy. With retail shifting much of its business online, many have considered adopting software-defined wide-area network (SD-WAN) technology to get the high-speed connectivity they need for their various POS systems and applications, as per the country manager of a cybersecurity firm in the Philippines.
The executive added that this new solution, however, may “open” the business networks of retail firms “to new vulnerabilities and threats and that retailers need to find a better way to secure their network environment.”
Point-of-sale (POS) malware is now one of cybercriminals’ primary sources of stolen payment cards. Despite making headlines in the last year, the POS malware threat has been slowly germinating since 2005.
The Manager of Systems Engineering at the global security and network provider in the Philippines said retail firms continue to face the challenges of digital transformation, including managing risks and compliance, having end-to-end visibility, and operational efficiency. On top of these challenges, he said, retail firms must also address cybersecurity issues. One very common issue is data security: data stored in retail firms’ point-of-sale (POS) devices and in the cloud are “a common and lucrative target for cybercriminals.”
According to the security and network provider, “for retailers to achieve security proficiency, maintain PCI compliance, and stay up to date with ever-changing data privacy regulations, their information technology (IT) teams require extensive visibility and control across environments.” Considering the number of devices and POS systems dispersed across store locations, it can be easy for security teams to lose track of what they’re meant to protect. End-to-end visibility must therefore be achieved early on, and continuously maintained, in any retail cybersecurity plan, the company said.
This necessitates an integrated security fabric that enforces consistency across the entire attack surface; it should also enable centralised and consolidated management and control, even in the largest distributed retail networks. There are numerous ways for a POS to prevent data breaches or accidental data misuse. If your point of sale is used to collect customer data, such as contact or payment information, your company will be held liable in the event of a data breach.
As a result, many retailers now use network-level encryption even within their own networks. While that change safeguards the data as it moves from one system to the next, credit card numbers are not encrypted in the systems themselves and can still be found in plain text within the memory of the POS system and other computer systems responsible for processing or passing on the data. Because of this vulnerability, “RAM-scraping” malware has emerged, allowing attackers to extract data from memory while it is being processed inside the terminal rather than while it is travelling through the network.
The manager also stated that it will depend on the requirement of a local retailer. The executive said local retailers can start “small.” Perhaps they can secure a few servers or secure a subscription-based security plan, he added. The company further said, “the evolving nature of technology and changing consumer expectations is a constant — something retailers quite simply must embrace or avoid falling behind.” For businesses to survive in this new era, they must adapt and accept that their success ultimately hinges on how well they can utilise digital technology in its many forms, the company noted.