Retail CIOs Not Serious About POS Risks

by CXOtoday News Desk    Mar 11, 2015

POS

Large retailers, franchises and small businesses alike have been increasingly affected by new vulnerabilities and malware targeting a variety of POS devices, systems and vendors. Despite that majority of retail IT security professionals are not concerned about the issue, forget taking steps to minimize it.

A Tripwire study revealed that only 18 percent of retail IT security professionals were concerned that point of sale devices were being targeted by cyber criminals, and only 20 percent were “confident” that point of sale devices were securely configured.

“It’s imperative that enterprises establish the ability to continuously monitor their network for unknown devices and applications, validate them against a trusted reference point, and quickly remediate weak or unsafe configurations,” said Dwayne Melancon, CTO, Tripwire. “Standards, machine-to-machine learning and continuous security configuration management can significantly accelerate progress toward this goal.”

 Not only POS, most retail IT professionals have inadequate visibility into the security of common devices already on their networks such as routers, switches, modems and firewalls and have very limited awareness of IoT devices, says the study.

Some of the other Key findings from the study included:

 Thirty-four percent of retail executives were “not confident” all the devices on their networks were authorized. Just 18 percent of financial services respondents and 20 percent of energy sector respondents expressed the same doubts.

Thirty-six percent of retail executives were “not confident” that all the devices connected to their networks were running only authorized software. Only 25 percent of financial service respondents and 32 percent of energy respondents shared the same concern.

Only 25 percent of retail executives expected to receive additional budget to support the expanded security necessary to protect IoT devices. Fifty-nine percent of financial respondents and 52 percent of energy respondents expected to receive additional budget.

Over 45 percent of retail executives said they were “not concerned at all” about the security risks associated with IoT devices connected to their networks, while 35 percent of financial services respondents said they are “very concerned.”

“The results of this research reflect many of the challenges retail security teams face,” said Ken Westin, security and threat analyst for Tripwire. “One of the most positive findings is that retail organizations can dramatically improve security by focusing on a few key fundamentals. After all, you can’t keep anything secure if you don’t know it’s on your network.”

The study also revealed that 35 percent of retail IT professionals have inadequate visibility into the security of common devices already on their networks such as routers, switches, modems and firewalls, and 51 percent don’t believe they can effectively communicate the security risks associated with IoT devices to the C-suite and corporate board.