McAfee and global research and advisory firm IHL Group released a report examining how retailers are reacting to the challenges of managing and protecting store systems.
“The retail storefront has gone through many changes over the last decade, but one thing that hasn’t changed is that customers are looking for a seamless and positive shopping experience,” said Greg Buzek, President at IHL Group, in a statement. “Customers want to be able to buy, fulfill and return anywhere. When done right, the introduction of mobile devices within the store can help enhance the customer experience but comes with expanded risks.”
These changes have caused two significant events to occur – the increased sharing of information between different types of devices, and the need to be able to share information wirelessly within the store, according to the report. Complicating matters is the growing sophistication of criminals looking to compromise retailer systems and complying with requirements of the PCI DSS standard.
In February of 2013, IHL Group surveyed a group of 66 executives in the retail and hospitality industries in North America. Among Tier I retailers, there were an equal percentage (38 percent) using a whitelisting approach as opposed to antivirus to protect their point-of-sale (POS) systems.
“When we look further into those over $5 billion in revenue, the difference between the two approaches widens significantly with 47 percent choosing a whitelist strategy compared to 26 percent selecting the antivirus strategy, a difference approaching 2x,” according to the report. “This data clearly suggests an ongoing strategy change around securing POS systems. When we consider the drivers section…and then consider the key benefits of whitelisting, we see a strong correlation between security concerns and strategies for addressing those concerns.”
“No survey respondents below $250 million in revenue noted the use of whitelisting, though two-thirds utilized antivirus/anti-malware software to secure their POS systems,” the report added.
The study also revealed that retailers understand PCI compliance, but struggle when the amount and variety of store systems increases to provide the necessary security and compliance management. On average only 22 percent trust the POS system manufacturer to provide security, according to the report.
“The retail storefront has undergone significant changes to deliver convenience and speed to the customer,” said Tom Moore, vice president of worldwide embedded sales at McAfee, in a statement. “Data breaches are not new to this industry, but the expanded footprint of systems like kiosks and digital signs to the mix is adding complexity to the environment. This research validates that the security concern is real and that retailers need to provide a secure experience for their customers.”
The report is available here.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
