Security Experts:

Retailers Challenged by Mobility, Securing POS Systems

McAfee and global research and advisory firm IHL Group released a report examining how retailers are reacting to the challenges of managing and protecting store systems.

"The retail storefront has gone through many changes over the last decade, but one thing that hasn’t changed is that customers are looking for a seamless and positive shopping experience," said Greg Buzek, President at IHL Group, in a statement. "Customers want to be able to buy, fulfill and return anywhere. When done right, the introduction of mobile devices within the store can help enhance the customer experience but comes with expanded risks."

These changes have caused two significant events to occur – the increased sharing of information between different types of devices, and the need to be able to share information wirelessly within the store, according to the report. Complicating matters is the growing sophistication of criminals looking to compromise retailer systems and complying with requirements of the PCI DSS standard.

In February of 2013, IHL Group surveyed a group of 66 executives in the retail and hospitality industries in North America.  Among Tier I retailers, there were an equal percentage (38 percent) using a whitelisting approach as opposed to antivirus to protect their point-of-sale (POS) systems.

"When we look further into those over $5 billion in revenue, the difference between the two approaches widens significantly with 47 percent choosing a whitelist strategy compared to 26 percent selecting the antivirus strategy, a difference approaching 2x," according to the report. "This data clearly suggests an ongoing strategy change around securing POS systems. When we consider the drivers section…and then consider the key benefits of whitelisting, we see a strong correlation between security concerns and strategies for addressing those concerns."

"No survey respondents below $250 million in revenue noted the use of whitelisting, though two-thirds utilized antivirus/anti-malware software to secure their POS systems," the report added.

The study also revealed that retailers understand PCI compliance, but struggle when the amount and variety of store systems increases to provide the necessary security and compliance management. On average only 22 percent trust the POS system manufacturer to provide security, according to the report.

"The retail storefront has undergone significant changes to deliver convenience and speed to the customer,” said Tom Moore, vice president of worldwide embedded sales at McAfee, in a statement. "Data breaches are not new to this industry, but the expanded footprint of systems like kiosks and digital signs to the mix is adding complexity to the environment. This research validates that the security concern is real and that retailers need to provide a secure experience for their customers."

The report is available here

view counter
Singapore ICS Cyber Security Conference