The U.S. Secret Service has revealed that more than 1,000 retailers have been hit by the point-of-sale (POS) malware known as “Backoff.” The alert notes that the malware “has likely infected many other victims who are unaware that they have been compromised.” This type of memory-scraping infection is another case of history repeating itself, yet many organizations continue to take a wait-and-see approach. This is dangerous any time of year – but even more so with the holiday-freeze period approaching.
This wide-scale inertia may stem from any of several common misunderstandings within the business, such as:
– We have antivirus software in place so we’re protected.
– The issue is too difficult to tackle.
– We’re too small to be a target.
To clear up the confusion, consider that:
Antivirus isn’t enough – A number of recent analyst reports from firms including Forrester Research, Gartner and Securosis, as well as from some prominent antivirus vendors, all confirm what security and risk professionals have known for years—antivirus technologies are not effective at stopping advanced threats to endpoints. AV has a place in your security stack, and there are free AV alternatives to the traditional paid-for model.
POS systems are not difficult to lock down against attack – Application whitelisting (application control) solutions are readily available and easy to deploy on fixed-function devices like POS systems. This deployment can occur in a matter of days in many cases.
Every entity that uses POS systems is a target – including retailers, healthcare providers, government offices, and many more, regardless of size. In fact, as more large enterprises make the shift to positive security solutions, their smaller counterparts that remain exposed to threats become even more attractive targets.
We’ll be hosting a webinar, “In the Crosshairs: Locking Down Point of Sale Systems,” on September 17, where we’ll dive deeper into these misconceptions. We’ll also discuss how retailers can respond to threats such as Backoff and other malware, and address other types of vulnerabilities to POS systems. We hope you’ll join us.